projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge remote-tracking branches 'asoc/topic/intel', 'asoc/topic/kirkwood', 'asoc/topic...
[linux-2.6-block.git] / net / bluetooth / hci_event.c
CommitLineData
8e87d142 1/*
1da177e4 2 BlueZ - Bluetooth protocol stack for Linux
2d0a0346 3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
1da177e4
LT		 4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
8e87d142
YH		 20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
1da177e4
LT		 27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
f0d6a0ea 31#include <net/bluetooth/mgmt.h>
7ef9fbf0 32
7024728e 33#include "a2mp.h"
7ef9fbf0 34#include "amp.h"
1da177e4 35
1da177e4
LT		 36/* Handle HCI Event packets */
37
a9de9248 38static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 39{
a9de9248 40 __u8 status = *((__u8 *) skb->data);
1da177e4 41
9f1db00c 42 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 43
82f4785c 44 if (status)
a9de9248 45 return;
1da177e4 46
89352e7d 47 clear_bit(HCI_INQUIRY, &hdev->flags);
4e857c58 48 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
3e13fa1e 49 wake_up_bit(&hdev->flags, HCI_INQUIRY);
89352e7d 50
50143a43
JH		 51 hci_dev_lock(hdev);
52 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
53 hci_dev_unlock(hdev);
54
a9de9248
MH		 55 hci_conn_check_pending(hdev);
56}
6bd57416 57
4d93483b
AG		 58static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
59{
60 __u8 status = *((__u8 *) skb->data);
61
9f1db00c 62 BT_DBG("%s status 0x%2.2x", hdev->name, status);
ae854a70
AG		 63
64 if (status)
65 return;
66
67 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
4d93483b
AG		 68}
69
a9de9248
MH		 70static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
71{
72 __u8 status = *((__u8 *) skb->data);
6bd57416 73
9f1db00c 74 BT_DBG("%s status 0x%2.2x", hdev->name, status);
6bd57416 75
a9de9248
MH		 76 if (status)
77 return;
1da177e4 78
ae854a70
AG		 79 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
80
a9de9248
MH		 81 hci_conn_check_pending(hdev);
82}
83
807deac2
GP		 84static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
85 struct sk_buff *skb)
a9de9248
MH		 86{
87 BT_DBG("%s", hdev->name);
88}
89
90static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
91{
92 struct hci_rp_role_discovery *rp = (void *) skb->data;
93 struct hci_conn *conn;
94
9f1db00c 95 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 96
97 if (rp->status)
98 return;
99
100 hci_dev_lock(hdev);
101
102 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
103 if (conn) {
104 if (rp->role)
105 conn->link_mode &= ~HCI_LM_MASTER;
106 else
107 conn->link_mode |= HCI_LM_MASTER;
1da177e4 108 }
a9de9248
MH		 109
110 hci_dev_unlock(hdev);
1da177e4
LT		 111}
112
e4e8e37c
MH		 113static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
114{
115 struct hci_rp_read_link_policy *rp = (void *) skb->data;
116 struct hci_conn *conn;
117
9f1db00c 118 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 119
120 if (rp->status)
121 return;
122
123 hci_dev_lock(hdev);
124
125 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
126 if (conn)
127 conn->link_policy = __le16_to_cpu(rp->policy);
128
129 hci_dev_unlock(hdev);
130}
131
a9de9248 132static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 133{
a9de9248 134 struct hci_rp_write_link_policy *rp = (void *) skb->data;
1da177e4 135 struct hci_conn *conn;
04837f64 136 void *sent;
1da177e4 137
9f1db00c 138 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 139
a9de9248
MH		 140 if (rp->status)
141 return;
1da177e4 142
a9de9248
MH		 143 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
144 if (!sent)
145 return;
1da177e4 146
a9de9248 147 hci_dev_lock(hdev);
1da177e4 148
a9de9248 149 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
e4e8e37c 150 if (conn)
83985319 151 conn->link_policy = get_unaligned_le16(sent + 2);
1da177e4 152
a9de9248
MH		 153 hci_dev_unlock(hdev);
154}
1da177e4 155
807deac2
GP		 156static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
157 struct sk_buff *skb)
e4e8e37c
MH		 158{
159 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
160
9f1db00c 161 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
e4e8e37c
MH		 162
163 if (rp->status)
164 return;
165
166 hdev->link_policy = __le16_to_cpu(rp->policy);
167}
168
807deac2
GP		 169static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
170 struct sk_buff *skb)
e4e8e37c
MH		 171{
172 __u8 status = *((__u8 *) skb->data);
173 void *sent;
174
9f1db00c 175 BT_DBG("%s status 0x%2.2x", hdev->name, status);
e4e8e37c
MH		 176
177 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
178 if (!sent)
179 return;
180
181 if (!status)
182 hdev->link_policy = get_unaligned_le16(sent);
e4e8e37c
MH		 183}
184
a9de9248
MH		 185static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
186{
187 __u8 status = *((__u8 *) skb->data);
04837f64 188
9f1db00c 189 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 190
10572132
GP		 191 clear_bit(HCI_RESET, &hdev->flags);
192
a297e97c 193 /* Reset all non-persistent flags */
2cc6fb00 194 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
69775ff6
AG		 195
196 hdev->discovery.state = DISCOVERY_STOPPED;
bbaf444a
JH		 197 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
198 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3f0f524b
JH		 199
200 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
201 hdev->adv_data_len = 0;
f8e808bd
MH		 202
203 memset(hdev->scan_rsp_data, 0, sizeof(hdev->scan_rsp_data));
204 hdev->scan_rsp_data_len = 0;
06f5b778 205
533553f8
MH		 206 hdev->le_scan_type = LE_SCAN_PASSIVE;
207
06f5b778 208 hdev->ssp_debug_mode = 0;
a9de9248 209}
04837f64 210
a9de9248
MH		 211static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
212{
213 __u8 status = *((__u8 *) skb->data);
214 void *sent;
04837f64 215
9f1db00c 216 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 217
a9de9248
MH		 218 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
219 if (!sent)
220 return;
04837f64 221
56e5cb86
JH		 222 hci_dev_lock(hdev);
223
f51d5b24
JH		 224 if (test_bit(HCI_MGMT, &hdev->dev_flags))
225 mgmt_set_local_name_complete(hdev, sent, status);
28cc7bde
JH		 226 else if (!status)
227 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
f51d5b24 228
56e5cb86 229 hci_dev_unlock(hdev);
a9de9248
MH		 230}
231
232static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
233{
234 struct hci_rp_read_local_name *rp = (void *) skb->data;
235
9f1db00c 236 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 237
238 if (rp->status)
239 return;
240
db99b5fc
JH		 241 if (test_bit(HCI_SETUP, &hdev->dev_flags))
242 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
a9de9248
MH		 243}
244
245static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
246{
247 __u8 status = *((__u8 *) skb->data);
248 void *sent;
249
9f1db00c 250 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 251
252 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
253 if (!sent)
254 return;
255
256 if (!status) {
257 __u8 param = *((__u8 *) sent);
258
259 if (param == AUTH_ENABLED)
260 set_bit(HCI_AUTH, &hdev->flags);
261 else
262 clear_bit(HCI_AUTH, &hdev->flags);
1da177e4 263 }
a9de9248 264
33ef95ed
JH		 265 if (test_bit(HCI_MGMT, &hdev->dev_flags))
266 mgmt_auth_enable_complete(hdev, status);
1da177e4
LT		 267}
268
a9de9248 269static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 270{
a9de9248 271 __u8 status = *((__u8 *) skb->data);
1da177e4
LT		 272 void *sent;
273
9f1db00c 274 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 275
a9de9248
MH		 276 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
277 if (!sent)
278 return;
1da177e4 279
a9de9248
MH		 280 if (!status) {
281 __u8 param = *((__u8 *) sent);
282
283 if (param)
284 set_bit(HCI_ENCRYPT, &hdev->flags);
285 else
286 clear_bit(HCI_ENCRYPT, &hdev->flags);
287 }
a9de9248 288}
1da177e4 289
a9de9248
MH		 290static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
291{
36f7fc7e
JH		 292 __u8 param, status = *((__u8 *) skb->data);
293 int old_pscan, old_iscan;
a9de9248 294 void *sent;
1da177e4 295
9f1db00c 296 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 297
a9de9248
MH		 298 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
299 if (!sent)
300 return;
1da177e4 301
36f7fc7e
JH		 302 param = *((__u8 *) sent);
303
56e5cb86
JH		 304 hci_dev_lock(hdev);
305
fa1bd918 306 if (status) {
744cf19e 307 mgmt_write_scan_failed(hdev, param, status);
2d7cee58
JH		 308 hdev->discov_timeout = 0;
309 goto done;
310 }
311
0663ca2a
JH		 312 /* We need to ensure that we set this back on if someone changed
313 * the scan mode through a raw HCI socket.
314 */
315 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
316
36f7fc7e
JH		 317 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
318 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
319
320 if (param & SCAN_INQUIRY) {
321 set_bit(HCI_ISCAN, &hdev->flags);
322 if (!old_iscan)
744cf19e 323 mgmt_discoverable(hdev, 1);
36f7fc7e 324 } else if (old_iscan)
744cf19e 325 mgmt_discoverable(hdev, 0);
36f7fc7e
JH		 326
327 if (param & SCAN_PAGE) {
328 set_bit(HCI_PSCAN, &hdev->flags);
329 if (!old_pscan)
744cf19e 330 mgmt_connectable(hdev, 1);
36f7fc7e 331 } else if (old_pscan)
744cf19e 332 mgmt_connectable(hdev, 0);
1da177e4 333
36f7fc7e 334done:
56e5cb86 335 hci_dev_unlock(hdev);
a9de9248 336}
1da177e4 337
a9de9248
MH		 338static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
339{
340 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
1da177e4 341
9f1db00c 342 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 343
a9de9248
MH		 344 if (rp->status)
345 return;
1da177e4 346
a9de9248 347 memcpy(hdev->dev_class, rp->dev_class, 3);
1da177e4 348
a9de9248 349 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
807deac2 350 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
a9de9248 351}
1da177e4 352
a9de9248
MH		 353static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
354{
355 __u8 status = *((__u8 *) skb->data);
356 void *sent;
1da177e4 357
9f1db00c 358 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 359
a9de9248
MH		 360 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
361 if (!sent)
362 return;
1da177e4 363
7f9a903c
MH		 364 hci_dev_lock(hdev);
365
366 if (status == 0)
367 memcpy(hdev->dev_class, sent, 3);
368
369 if (test_bit(HCI_MGMT, &hdev->dev_flags))
370 mgmt_set_class_of_dev_complete(hdev, sent, status);
371
372 hci_dev_unlock(hdev);
a9de9248 373}
1da177e4 374
a9de9248
MH		 375static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
376{
377 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
378 __u16 setting;
379
9f1db00c 380 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 381
382 if (rp->status)
383 return;
384
385 setting = __le16_to_cpu(rp->voice_setting);
386
f383f275 387 if (hdev->voice_setting == setting)
a9de9248
MH		 388 return;
389
390 hdev->voice_setting = setting;
391
9f1db00c 392 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
a9de9248 393
3c54711c 394 if (hdev->notify)
a9de9248 395 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
a9de9248
MH		 396}
397
8fc9ced3
GP		 398static void hci_cc_write_voice_setting(struct hci_dev *hdev,
399 struct sk_buff *skb)
a9de9248
MH		 400{
401 __u8 status = *((__u8 *) skb->data);
f383f275 402 __u16 setting;
a9de9248
MH		 403 void *sent;
404
9f1db00c 405 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 406
f383f275
MH		 407 if (status)
408 return;
409
a9de9248
MH		 410 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
411 if (!sent)
412 return;
1da177e4 413
f383f275 414 setting = get_unaligned_le16(sent);
1da177e4 415
f383f275
MH		 416 if (hdev->voice_setting == setting)
417 return;
418
419 hdev->voice_setting = setting;
1da177e4 420
9f1db00c 421 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
1da177e4 422
3c54711c 423 if (hdev->notify)
f383f275 424 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
1da177e4
LT		 425}
426
b4cb9fb2
MH		 427static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
428 struct sk_buff *skb)
429{
430 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
431
432 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
433
434 if (rp->status)
435 return;
436
437 hdev->num_iac = rp->num_iac;
438
439 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
440}
441
333140b5
MH		 442static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
443{
444 __u8 status = *((__u8 *) skb->data);
5ed8eb2f 445 struct hci_cp_write_ssp_mode *sent;
333140b5 446
9f1db00c 447 BT_DBG("%s status 0x%2.2x", hdev->name, status);
333140b5 448
333140b5
MH		 449 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
450 if (!sent)
451 return;
452
5ed8eb2f
JH		 453 if (!status) {
454 if (sent->mode)
cad718ed 455 hdev->features[1][0] |= LMP_HOST_SSP;
5ed8eb2f 456 else
cad718ed 457 hdev->features[1][0] &= ~LMP_HOST_SSP;
5ed8eb2f
JH		 458 }
459
ed2c4ee3 460 if (test_bit(HCI_MGMT, &hdev->dev_flags))
5ed8eb2f 461 mgmt_ssp_enable_complete(hdev, sent->mode, status);
c0ecddc2 462 else if (!status) {
5ed8eb2f 463 if (sent->mode)
c0ecddc2
JH		 464 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
465 else
466 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
467 }
333140b5
MH		 468}
469
eac83dc6
MH		 470static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb)
471{
472 u8 status = *((u8 *) skb->data);
473 struct hci_cp_write_sc_support *sent;
474
475 BT_DBG("%s status 0x%2.2x", hdev->name, status);
476
477 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT);
478 if (!sent)
479 return;
480
481 if (!status) {
482 if (sent->support)
483 hdev->features[1][0] |= LMP_HOST_SC;
484 else
485 hdev->features[1][0] &= ~LMP_HOST_SC;
486 }
487
488 if (test_bit(HCI_MGMT, &hdev->dev_flags))
489 mgmt_sc_enable_complete(hdev, sent->support, status);
490 else if (!status) {
491 if (sent->support)
492 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
493 else
494 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
495 }
496}
497
a9de9248
MH		 498static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
499{
500 struct hci_rp_read_local_version *rp = (void *) skb->data;
1143e5a6 501
9f1db00c 502 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143e5a6 503
a9de9248 504 if (rp->status)
42c6b129 505 return;
1143e5a6 506
0d5551f5
MH		 507 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
508 hdev->hci_ver = rp->hci_ver;
509 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
510 hdev->lmp_ver = rp->lmp_ver;
511 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
512 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
513 }
d5859e22
JH		 514}
515
8fc9ced3
GP		 516static void hci_cc_read_local_commands(struct hci_dev *hdev,
517 struct sk_buff *skb)
a9de9248
MH		 518{
519 struct hci_rp_read_local_commands *rp = (void *) skb->data;
1da177e4 520
9f1db00c 521 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 522
6a070e6e
MH		 523 if (rp->status)
524 return;
525
526 if (test_bit(HCI_SETUP, &hdev->dev_flags))
2177bab5 527 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
a9de9248 528}
1da177e4 529
8fc9ced3
GP		 530static void hci_cc_read_local_features(struct hci_dev *hdev,
531 struct sk_buff *skb)
a9de9248
MH		 532{
533 struct hci_rp_read_local_features *rp = (void *) skb->data;
5b7f9909 534
9f1db00c 535 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 536
a9de9248
MH		 537 if (rp->status)
538 return;
5b7f9909 539
a9de9248 540 memcpy(hdev->features, rp->features, 8);
5b7f9909 541
a9de9248
MH		 542 /* Adjust default settings according to features
543 * supported by device. */
1da177e4 544
cad718ed 545 if (hdev->features[0][0] & LMP_3SLOT)
a9de9248 546 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
1da177e4 547
cad718ed 548 if (hdev->features[0][0] & LMP_5SLOT)
a9de9248 549 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
1da177e4 550
cad718ed 551 if (hdev->features[0][1] & LMP_HV2) {
a9de9248
MH		 552 hdev->pkt_type |= (HCI_HV2);
553 hdev->esco_type |= (ESCO_HV2);
554 }
1da177e4 555
cad718ed 556 if (hdev->features[0][1] & LMP_HV3) {
a9de9248
MH		 557 hdev->pkt_type |= (HCI_HV3);
558 hdev->esco_type |= (ESCO_HV3);
559 }
1da177e4 560
45db810f 561 if (lmp_esco_capable(hdev))
a9de9248 562 hdev->esco_type |= (ESCO_EV3);
da1f5198 563
cad718ed 564 if (hdev->features[0][4] & LMP_EV4)
a9de9248 565 hdev->esco_type |= (ESCO_EV4);
da1f5198 566
cad718ed 567 if (hdev->features[0][4] & LMP_EV5)
a9de9248 568 hdev->esco_type |= (ESCO_EV5);
1da177e4 569
cad718ed 570 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
efc7688b
MH		 571 hdev->esco_type |= (ESCO_2EV3);
572
cad718ed 573 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
efc7688b
MH		 574 hdev->esco_type |= (ESCO_3EV3);
575
cad718ed 576 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
efc7688b 577 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
a9de9248 578}
1da177e4 579
971e3a4b 580static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
807deac2 581 struct sk_buff *skb)
971e3a4b
AG		 582{
583 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
584
9f1db00c 585 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
971e3a4b
AG		 586
587 if (rp->status)
42c6b129 588 return;
971e3a4b 589
57af75a8
MH		 590 if (hdev->max_page < rp->max_page)
591 hdev->max_page = rp->max_page;
d2c5d77f 592
cad718ed
JH		 593 if (rp->page < HCI_MAX_PAGES)
594 memcpy(hdev->features[rp->page], rp->features, 8);
971e3a4b
AG		 595}
596
1e89cffb 597static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
807deac2 598 struct sk_buff *skb)
1e89cffb
AE		 599{
600 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
601
9f1db00c 602 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1e89cffb 603
42c6b129
JH		 604 if (!rp->status)
605 hdev->flow_ctl_mode = rp->mode;
1e89cffb
AE		 606}
607
a9de9248
MH		 608static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
609{
610 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
1da177e4 611
9f1db00c 612 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1da177e4 613
a9de9248
MH		 614 if (rp->status)
615 return;
1da177e4 616
a9de9248
MH		 617 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
618 hdev->sco_mtu = rp->sco_mtu;
619 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
620 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
621
622 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
623 hdev->sco_mtu = 64;
624 hdev->sco_pkts = 8;
1da177e4 625 }
a9de9248
MH		 626
627 hdev->acl_cnt = hdev->acl_pkts;
628 hdev->sco_cnt = hdev->sco_pkts;
629
807deac2
GP		 630 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
631 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
a9de9248
MH		 632}
633
634static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
635{
636 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
637
9f1db00c 638 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a9de9248
MH		 639
640 if (!rp->status)
641 bacpy(&hdev->bdaddr, &rp->bdaddr);
23bb5763
JH		 642}
643
f332ec66
JH		 644static void hci_cc_read_page_scan_activity(struct hci_dev *hdev,
645 struct sk_buff *skb)
646{
647 struct hci_rp_read_page_scan_activity *rp = (void *) skb->data;
648
649 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
650
651 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status) {
652 hdev->page_scan_interval = __le16_to_cpu(rp->interval);
653 hdev->page_scan_window = __le16_to_cpu(rp->window);
654 }
655}
656
4a3ee763
JH		 657static void hci_cc_write_page_scan_activity(struct hci_dev *hdev,
658 struct sk_buff *skb)
659{
660 u8 status = *((u8 *) skb->data);
661 struct hci_cp_write_page_scan_activity *sent;
662
663 BT_DBG("%s status 0x%2.2x", hdev->name, status);
664
665 if (status)
666 return;
667
668 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY);
669 if (!sent)
670 return;
671
672 hdev->page_scan_interval = __le16_to_cpu(sent->interval);
673 hdev->page_scan_window = __le16_to_cpu(sent->window);
674}
675
f332ec66
JH		 676static void hci_cc_read_page_scan_type(struct hci_dev *hdev,
677 struct sk_buff *skb)
678{
679 struct hci_rp_read_page_scan_type *rp = (void *) skb->data;
680
681 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
682
683 if (test_bit(HCI_INIT, &hdev->flags) && !rp->status)
684 hdev->page_scan_type = rp->type;
685}
686
4a3ee763
JH		 687static void hci_cc_write_page_scan_type(struct hci_dev *hdev,
688 struct sk_buff *skb)
689{
690 u8 status = *((u8 *) skb->data);
691 u8 *type;
692
693 BT_DBG("%s status 0x%2.2x", hdev->name, status);
694
695 if (status)
696 return;
697
698 type = hci_sent_cmd_data(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE);
699 if (type)
700 hdev->page_scan_type = *type;
701}
702
350ee4cf 703static void hci_cc_read_data_block_size(struct hci_dev *hdev,
807deac2 704 struct sk_buff *skb)
350ee4cf
AE		 705{
706 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
707
9f1db00c 708 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
350ee4cf
AE		 709
710 if (rp->status)
711 return;
712
713 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
714 hdev->block_len = __le16_to_cpu(rp->block_len);
715 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
716
717 hdev->block_cnt = hdev->num_blocks;
718
719 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
807deac2 720 hdev->block_cnt, hdev->block_len);
350ee4cf
AE		 721}
722
928abaa7 723static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807deac2 724 struct sk_buff *skb)
928abaa7
AE		 725{
726 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
727
9f1db00c 728 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
928abaa7
AE		 729
730 if (rp->status)
8e2a0d92 731 goto a2mp_rsp;
928abaa7
AE		 732
733 hdev->amp_status = rp->amp_status;
734 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
735 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
736 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
737 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
738 hdev->amp_type = rp->amp_type;
739 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
740 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
741 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
742 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
743
8e2a0d92
AE		 744a2mp_rsp:
745 a2mp_send_getinfo_rsp(hdev);
928abaa7
AE		 746}
747
903e4541
AE		 748static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
749 struct sk_buff *skb)
750{
751 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
752 struct amp_assoc *assoc = &hdev->loc_assoc;
753 size_t rem_len, frag_len;
754
755 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
756
757 if (rp->status)
758 goto a2mp_rsp;
759
760 frag_len = skb->len - sizeof(*rp);
761 rem_len = __le16_to_cpu(rp->rem_len);
762
763 if (rem_len > frag_len) {
2e430be3 764 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
903e4541
AE		 765
766 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
767 assoc->offset += frag_len;
768
769 /* Read other fragments */
770 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
771
772 return;
773 }
774
775 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
776 assoc->len = assoc->offset + rem_len;
777 assoc->offset = 0;
778
779a2mp_rsp:
780 /* Send A2MP Rsp when all fragments are received */
781 a2mp_send_getampassoc_rsp(hdev, rp->status);
9495b2ee 782 a2mp_send_create_phy_link_req(hdev, rp->status);
903e4541
AE		 783}
784
d5859e22 785static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
807deac2 786 struct sk_buff *skb)
d5859e22 787{
91c4e9b1 788 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
d5859e22 789
9f1db00c 790 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
91c4e9b1
MH		 791
792 if (!rp->status)
793 hdev->inq_tx_power = rp->tx_power;
d5859e22
JH		 794}
795
980e1a53
JH		 796static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
797{
798 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
799 struct hci_cp_pin_code_reply *cp;
800 struct hci_conn *conn;
801
9f1db00c 802 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 803
56e5cb86
JH		 804 hci_dev_lock(hdev);
805
a8b2d5c2 806 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 807 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
980e1a53 808
fa1bd918 809 if (rp->status)
56e5cb86 810 goto unlock;
980e1a53
JH		 811
812 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
813 if (!cp)
56e5cb86 814 goto unlock;
980e1a53
JH		 815
816 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
817 if (conn)
818 conn->pin_length = cp->pin_len;
56e5cb86
JH		 819
820unlock:
821 hci_dev_unlock(hdev);
980e1a53
JH		 822}
823
824static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
825{
826 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
827
9f1db00c 828 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
980e1a53 829
56e5cb86
JH		 830 hci_dev_lock(hdev);
831
a8b2d5c2 832 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 833 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
807deac2 834 rp->status);
56e5cb86
JH		 835
836 hci_dev_unlock(hdev);
980e1a53 837}
56e5cb86 838
6ed58ec5
VT		 839static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
840 struct sk_buff *skb)
841{
842 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
843
9f1db00c 844 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
6ed58ec5
VT		 845
846 if (rp->status)
847 return;
848
849 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
850 hdev->le_pkts = rp->le_max_pkt;
851
852 hdev->le_cnt = hdev->le_pkts;
853
854 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
6ed58ec5 855}
980e1a53 856
60e77321
JH		 857static void hci_cc_le_read_local_features(struct hci_dev *hdev,
858 struct sk_buff *skb)
859{
860 struct hci_rp_le_read_local_features *rp = (void *) skb->data;
861
862 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
863
864 if (!rp->status)
865 memcpy(hdev->le_features, rp->features, 8);
60e77321
JH		 866}
867
8fa19098
JH		 868static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
869 struct sk_buff *skb)
870{
871 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
872
873 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
874
04b4edcb 875 if (!rp->status)
8fa19098 876 hdev->adv_tx_power = rp->tx_power;
8fa19098
JH		 877}
878
a5c29683
JH		 879static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
880{
881 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
882
9f1db00c 883 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 884
56e5cb86
JH		 885 hci_dev_lock(hdev);
886
a8b2d5c2 887 if (test_bit(HCI_MGMT, &hdev->dev_flags))
04124681
GP		 888 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
889 rp->status);
56e5cb86
JH		 890
891 hci_dev_unlock(hdev);
a5c29683
JH		 892}
893
894static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
807deac2 895 struct sk_buff *skb)
a5c29683
JH		 896{
897 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
898
9f1db00c 899 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
a5c29683 900
56e5cb86
JH		 901 hci_dev_lock(hdev);
902
a8b2d5c2 903 if (test_bit(HCI_MGMT, &hdev->dev_flags))
744cf19e 904 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
04124681 905 ACL_LINK, 0, rp->status);
56e5cb86
JH		 906
907 hci_dev_unlock(hdev);
a5c29683
JH		 908}
909
1143d458
BG		 910static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
911{
912 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
913
9f1db00c 914 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 915
916 hci_dev_lock(hdev);
917
a8b2d5c2 918 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 919 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
04124681 920 0, rp->status);
1143d458
BG		 921
922 hci_dev_unlock(hdev);
923}
924
925static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
807deac2 926 struct sk_buff *skb)
1143d458
BG		 927{
928 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
929
9f1db00c 930 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143d458
BG		 931
932 hci_dev_lock(hdev);
933
a8b2d5c2 934 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1143d458 935 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
04124681 936 ACL_LINK, 0, rp->status);
1143d458
BG		 937
938 hci_dev_unlock(hdev);
939}
940
4d2d2796
MH		 941static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
942 struct sk_buff *skb)
c35938b2
SJ		 943{
944 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
945
9f1db00c 946 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
c35938b2 947
56e5cb86 948 hci_dev_lock(hdev);
4d2d2796
MH		 949 mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer,
950 NULL, NULL, rp->status);
951 hci_dev_unlock(hdev);
952}
953
954static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
955 struct sk_buff *skb)
956{
957 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
958
959 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
960
961 hci_dev_lock(hdev);
962 mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192,
963 rp->hash256, rp->randomizer256,
964 rp->status);
56e5cb86 965 hci_dev_unlock(hdev);
c35938b2
SJ		 966}
967
7a4cd51d
MH		 968
969static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
970{
971 __u8 status = *((__u8 *) skb->data);
972 bdaddr_t *sent;
973
974 BT_DBG("%s status 0x%2.2x", hdev->name, status);
975
976 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR);
977 if (!sent)
978 return;
979
980 hci_dev_lock(hdev);
981
982 if (!status)
983 bacpy(&hdev->random_addr, sent);
984
985 hci_dev_unlock(hdev);
986}
987
c1d5dc4a
JH		 988static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
989{
990 __u8 *sent, status = *((__u8 *) skb->data);
991
992 BT_DBG("%s status 0x%2.2x", hdev->name, status);
993
994 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
995 if (!sent)
996 return;
997
3c857757
JH		 998 if (status)
999 return;
1000
c1d5dc4a
JH		 1001 hci_dev_lock(hdev);
1002
3c857757
JH		 1003 /* If we're doing connection initation as peripheral. Set a
1004 * timeout in case something goes wrong.
1005 */
1006 if (*sent) {
1007 struct hci_conn *conn;
1008
1009 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1010 if (conn)
1011 queue_delayed_work(hdev->workqueue,
1012 &conn->le_conn_timeout,
1013 HCI_LE_CONN_TIMEOUT);
1014 }
1015
1016 mgmt_advertising(hdev, *sent);
c1d5dc4a 1017
04b4edcb 1018 hci_dev_unlock(hdev);
c1d5dc4a
JH		 1019}
1020
533553f8
MH		 1021static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1022{
1023 struct hci_cp_le_set_scan_param *cp;
1024 __u8 status = *((__u8 *) skb->data);
1025
1026 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1027
1028 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_PARAM);
1029 if (!cp)
1030 return;
1031
1032 hci_dev_lock(hdev);
1033
1034 if (!status)
1035 hdev->le_scan_type = cp->type;
1036
1037 hci_dev_unlock(hdev);
1038}
1039
b9a6328f
JH		 1040static bool has_pending_adv_report(struct hci_dev *hdev)
1041{
1042 struct discovery_state *d = &hdev->discovery;
1043
1044 return bacmp(&d->last_adv_addr, BDADDR_ANY);
1045}
1046
1047static void clear_pending_adv_report(struct hci_dev *hdev)
1048{
1049 struct discovery_state *d = &hdev->discovery;
1050
1051 bacpy(&d->last_adv_addr, BDADDR_ANY);
1052 d->last_adv_data_len = 0;
1053}
1054
1055static void store_pending_adv_report(struct hci_dev *hdev, bdaddr_t *bdaddr,
ff5cd29f 1056 u8 bdaddr_type, s8 rssi, u8 *data, u8 len)
b9a6328f
JH		 1057{
1058 struct discovery_state *d = &hdev->discovery;
1059
1060 bacpy(&d->last_adv_addr, bdaddr);
1061 d->last_adv_addr_type = bdaddr_type;
ff5cd29f 1062 d->last_adv_rssi = rssi;
b9a6328f
JH		 1063 memcpy(d->last_adv_data, data, len);
1064 d->last_adv_data_len = len;
1065}
1066
eb9d91f5 1067static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
807deac2 1068 struct sk_buff *skb)
eb9d91f5
AG		 1069{
1070 struct hci_cp_le_set_scan_enable *cp;
1071 __u8 status = *((__u8 *) skb->data);
1072
9f1db00c 1073 BT_DBG("%s status 0x%2.2x", hdev->name, status);
eb9d91f5 1074
eb9d91f5
AG		 1075 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1076 if (!cp)
1077 return;
1078
3fd319b8
AG		 1079 if (status)
1080 return;
1081
68a8aea4 1082 switch (cp->enable) {
76a388be 1083 case LE_SCAN_ENABLE:
d23264a8 1084 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
b9a6328f
JH		 1085 if (hdev->le_scan_type == LE_SCAN_ACTIVE)
1086 clear_pending_adv_report(hdev);
68a8aea4
AE		 1087 break;
1088
76a388be 1089 case LE_SCAN_DISABLE:
b9a6328f
JH		 1090 /* We do this here instead of when setting DISCOVERY_STOPPED
1091 * since the latter would potentially require waiting for
1092 * inquiry to stop too.
1093 */
1094 if (has_pending_adv_report(hdev)) {
1095 struct discovery_state *d = &hdev->discovery;
1096
1097 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
ab0aa433
JH		 1098 d->last_adv_addr_type, NULL,
1099 d->last_adv_rssi, 0, 1,
1100 d->last_adv_data,
b9a6328f
JH		 1101 d->last_adv_data_len, NULL, 0);
1102 }
1103
317ac8cb
JH		 1104 /* Cancel this timer so that we don't try to disable scanning
1105 * when it's already disabled.
1106 */
1107 cancel_delayed_work(&hdev->le_scan_disable);
1108
d23264a8 1109 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
81ad6fd9
JH		 1110 /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1111 * interrupted scanning due to a connect request. Mark
1112 * therefore discovery as stopped.
1113 */
1114 if (test_and_clear_bit(HCI_LE_SCAN_INTERRUPTED,
1115 &hdev->dev_flags))
1116 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
68a8aea4
AE		 1117 break;
1118
1119 default:
1120 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1121 break;
35815085 1122 }
eb9d91f5
AG		 1123}
1124
cf1d081f
JH		 1125static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1126 struct sk_buff *skb)
1127{
1128 struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
1129
1130 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1131
1132 if (!rp->status)
1133 hdev->le_white_list_size = rp->size;
cf1d081f
JH		 1134}
1135
0f36b589
MH		 1136static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1137 struct sk_buff *skb)
1138{
1139 __u8 status = *((__u8 *) skb->data);
1140
1141 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1142
1143 if (!status)
1144 hci_white_list_clear(hdev);
1145}
1146
1147static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1148 struct sk_buff *skb)
1149{
1150 struct hci_cp_le_add_to_white_list *sent;
1151 __u8 status = *((__u8 *) skb->data);
1152
1153 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1154
1155 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1156 if (!sent)
1157 return;
1158
1159 if (!status)
1160 hci_white_list_add(hdev, &sent->bdaddr, sent->bdaddr_type);
1161}
1162
1163static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1164 struct sk_buff *skb)
1165{
1166 struct hci_cp_le_del_from_white_list *sent;
1167 __u8 status = *((__u8 *) skb->data);
1168
1169 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1170
1171 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1172 if (!sent)
1173 return;
1174
1175 if (!status)
1176 hci_white_list_del(hdev, &sent->bdaddr, sent->bdaddr_type);
1177}
1178
9b008c04
JH		 1179static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
1180 struct sk_buff *skb)
1181{
1182 struct hci_rp_le_read_supported_states *rp = (void *) skb->data;
1183
1184 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1185
1186 if (!rp->status)
1187 memcpy(hdev->le_states, rp->le_states, 8);
9b008c04
JH		 1188}
1189
6039aa73
GP		 1190static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1191 struct sk_buff *skb)
f9b49306 1192{
06199cf8 1193 struct hci_cp_write_le_host_supported *sent;
f9b49306
AG		 1194 __u8 status = *((__u8 *) skb->data);
1195
9f1db00c 1196 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f9b49306 1197
06199cf8 1198 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
8f984dfa 1199 if (!sent)
f9b49306
AG		 1200 return;
1201
8f984dfa 1202 if (!status) {
416a4ae5 1203 if (sent->le) {
cad718ed 1204 hdev->features[1][0] |= LMP_HOST_LE;
416a4ae5
JH		 1205 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1206 } else {
cad718ed 1207 hdev->features[1][0] &= ~LMP_HOST_LE;
416a4ae5 1208 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
f3d3444a 1209 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
416a4ae5 1210 }
53b2caab
JH		 1211
1212 if (sent->simul)
cad718ed 1213 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
53b2caab 1214 else
cad718ed 1215 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
8f984dfa 1216 }
f9b49306
AG		 1217}
1218
56ed2cb8
JH		 1219static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1220{
1221 struct hci_cp_le_set_adv_param *cp;
1222 u8 status = *((u8 *) skb->data);
1223
1224 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1225
1226 if (status)
1227 return;
1228
1229 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1230 if (!cp)
1231 return;
1232
1233 hci_dev_lock(hdev);
1234 hdev->adv_addr_type = cp->own_address_type;
1235 hci_dev_unlock(hdev);
1236}
1237
93c284ee
AE		 1238static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1239 struct sk_buff *skb)
1240{
1241 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1242
1243 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1244 hdev->name, rp->status, rp->phy_handle);
1245
1246 if (rp->status)
1247 return;
1248
1249 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1250}
1251
5ae76a94
AK		 1252static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb)
1253{
1254 struct hci_rp_read_rssi *rp = (void *) skb->data;
1255 struct hci_conn *conn;
1256
1257 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1258
1259 if (rp->status)
1260 return;
1261
1262 hci_dev_lock(hdev);
1263
1264 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1265 if (conn)
1266 conn->rssi = rp->rssi;
1267
1268 hci_dev_unlock(hdev);
1269}
1270
5a134fae
AK		 1271static void hci_cc_read_tx_power(struct hci_dev *hdev, struct sk_buff *skb)
1272{
1273 struct hci_cp_read_tx_power *sent;
1274 struct hci_rp_read_tx_power *rp = (void *) skb->data;
1275 struct hci_conn *conn;
1276
1277 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1278
1279 if (rp->status)
1280 return;
1281
1282 sent = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
1283 if (!sent)
1284 return;
1285
1286 hci_dev_lock(hdev);
1287
1288 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
d0455ed9
AK		 1289 if (!conn)
1290 goto unlock;
1291
1292 switch (sent->type) {
1293 case 0x00:
5a134fae 1294 conn->tx_power = rp->tx_power;
d0455ed9
AK		 1295 break;
1296 case 0x01:
1297 conn->max_tx_power = rp->tx_power;
1298 break;
1299 }
5a134fae 1300
d0455ed9 1301unlock:
5a134fae
AK		 1302 hci_dev_unlock(hdev);
1303}
1304
6039aa73 1305static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
a9de9248 1306{
9f1db00c 1307 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1308
1309 if (status) {
a9de9248 1310 hci_conn_check_pending(hdev);
314b2381
JH		 1311 return;
1312 }
1313
89352e7d 1314 set_bit(HCI_INQUIRY, &hdev->flags);
1da177e4
LT		 1315}
1316
6039aa73 1317static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1da177e4 1318{
a9de9248 1319 struct hci_cp_create_conn *cp;
1da177e4 1320 struct hci_conn *conn;
1da177e4 1321
9f1db00c 1322 BT_DBG("%s status 0x%2.2x", hdev->name, status);
a9de9248
MH		 1323
1324 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1da177e4
LT		 1325 if (!cp)
1326 return;
1327
1328 hci_dev_lock(hdev);
1329
1330 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1331
6ed93dc6 1332 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1da177e4
LT		 1333
1334 if (status) {
1335 if (conn && conn->state == BT_CONNECT) {
4c67bc74
MH		 1336 if (status != 0x0c || conn->attempt > 2) {
1337 conn->state = BT_CLOSED;
1338 hci_proto_connect_cfm(conn, status);
1339 hci_conn_del(conn);
1340 } else
1341 conn->state = BT_CONNECT2;
1da177e4
LT		 1342 }
1343 } else {
1344 if (!conn) {
1345 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1346 if (conn) {
a0c808b3 1347 conn->out = true;
1da177e4
LT		 1348 conn->link_mode |= HCI_LM_MASTER;
1349 } else
893ef971 1350 BT_ERR("No memory for new connection");
1da177e4
LT		 1351 }
1352 }
1353
1354 hci_dev_unlock(hdev);
1355}
1356
a9de9248 1357static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1da177e4 1358{
a9de9248
MH		 1359 struct hci_cp_add_sco *cp;
1360 struct hci_conn *acl, *sco;
1361 __u16 handle;
1da177e4 1362
9f1db00c 1363 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82 1364
a9de9248
MH		 1365 if (!status)
1366 return;
1da177e4 1367
a9de9248
MH		 1368 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1369 if (!cp)
1370 return;
1da177e4 1371
a9de9248 1372 handle = __le16_to_cpu(cp->handle);
1da177e4 1373
9f1db00c 1374 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1da177e4 1375
a9de9248 1376 hci_dev_lock(hdev);
1da177e4 1377
a9de9248 1378 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1379 if (acl) {
1380 sco = acl->link;
1381 if (sco) {
1382 sco->state = BT_CLOSED;
1da177e4 1383
5a08ecce
AE		 1384 hci_proto_connect_cfm(sco, status);
1385 hci_conn_del(sco);
1386 }
a9de9248 1387 }
1da177e4 1388
a9de9248
MH		 1389 hci_dev_unlock(hdev);
1390}
1da177e4 1391
f8558555
MH		 1392static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1393{
1394 struct hci_cp_auth_requested *cp;
1395 struct hci_conn *conn;
1396
9f1db00c 1397 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1398
1399 if (!status)
1400 return;
1401
1402 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1403 if (!cp)
1404 return;
1405
1406 hci_dev_lock(hdev);
1407
1408 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1409 if (conn) {
1410 if (conn->state == BT_CONFIG) {
1411 hci_proto_connect_cfm(conn, status);
76a68ba0 1412 hci_conn_drop(conn);
f8558555
MH		 1413 }
1414 }
1415
1416 hci_dev_unlock(hdev);
1417}
1418
1419static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1420{
1421 struct hci_cp_set_conn_encrypt *cp;
1422 struct hci_conn *conn;
1423
9f1db00c 1424 BT_DBG("%s status 0x%2.2x", hdev->name, status);
f8558555
MH		 1425
1426 if (!status)
1427 return;
1428
1429 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1430 if (!cp)
1431 return;
1432
1433 hci_dev_lock(hdev);
1434
1435 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1436 if (conn) {
1437 if (conn->state == BT_CONFIG) {
1438 hci_proto_connect_cfm(conn, status);
76a68ba0 1439 hci_conn_drop(conn);
f8558555
MH		 1440 }
1441 }
1442
1443 hci_dev_unlock(hdev);
1444}
1445
127178d2 1446static int hci_outgoing_auth_needed(struct hci_dev *hdev,
807deac2 1447 struct hci_conn *conn)
392599b9 1448{
392599b9
JH		 1449 if (conn->state != BT_CONFIG || !conn->out)
1450 return 0;
1451
765c2a96 1452 if (conn->pending_sec_level == BT_SECURITY_SDP)
392599b9
JH		 1453 return 0;
1454
1455 /* Only request authentication for SSP connections or non-SSP
264b8b4e
JH		 1456 * devices with sec_level MEDIUM or HIGH or if MITM protection
1457 * is requested.
1458 */
807deac2 1459 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
7e3691e1 1460 conn->pending_sec_level != BT_SECURITY_FIPS &&
264b8b4e
JH		 1461 conn->pending_sec_level != BT_SECURITY_HIGH &&
1462 conn->pending_sec_level != BT_SECURITY_MEDIUM)
392599b9
JH		 1463 return 0;
1464
392599b9
JH		 1465 return 1;
1466}
1467
6039aa73 1468static int hci_resolve_name(struct hci_dev *hdev,
04124681 1469 struct inquiry_entry *e)
30dc78e1
JH		 1470{
1471 struct hci_cp_remote_name_req cp;
1472
1473 memset(&cp, 0, sizeof(cp));
1474
1475 bacpy(&cp.bdaddr, &e->data.bdaddr);
1476 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1477 cp.pscan_mode = e->data.pscan_mode;
1478 cp.clock_offset = e->data.clock_offset;
1479
1480 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1481}
1482
b644ba33 1483static bool hci_resolve_next_name(struct hci_dev *hdev)
30dc78e1
JH		 1484{
1485 struct discovery_state *discov = &hdev->discovery;
1486 struct inquiry_entry *e;
1487
b644ba33
JH		 1488 if (list_empty(&discov->resolve))
1489 return false;
1490
1491 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
c810089c
RM		 1492 if (!e)
1493 return false;
1494
b644ba33
JH		 1495 if (hci_resolve_name(hdev, e) == 0) {
1496 e->name_state = NAME_PENDING;
1497 return true;
1498 }
1499
1500 return false;
1501}
1502
1503static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
04124681 1504 bdaddr_t *bdaddr, u8 *name, u8 name_len)
b644ba33
JH		 1505{
1506 struct discovery_state *discov = &hdev->discovery;
1507 struct inquiry_entry *e;
1508
1509 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
04124681
GP		 1510 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1511 name_len, conn->dev_class);
b644ba33
JH		 1512
1513 if (discov->state == DISCOVERY_STOPPED)
1514 return;
1515
30dc78e1
JH		 1516 if (discov->state == DISCOVERY_STOPPING)
1517 goto discov_complete;
1518
1519 if (discov->state != DISCOVERY_RESOLVING)
1520 return;
1521
1522 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
7cc8380e
RM		 1523 /* If the device was not found in a list of found devices names of which
1524 * are pending. there is no need to continue resolving a next name as it
1525 * will be done upon receiving another Remote Name Request Complete
1526 * Event */
1527 if (!e)
1528 return;
1529
1530 list_del(&e->list);
1531 if (name) {
30dc78e1 1532 e->name_state = NAME_KNOWN;
7cc8380e
RM		 1533 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1534 e->data.rssi, name, name_len);
c3e7c0d9
RM		 1535 } else {
1536 e->name_state = NAME_NOT_KNOWN;
30dc78e1
JH		 1537 }
1538
b644ba33 1539 if (hci_resolve_next_name(hdev))
30dc78e1 1540 return;
30dc78e1
JH		 1541
1542discov_complete:
1543 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1544}
1545
a9de9248
MH		 1546static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1547{
127178d2
JH		 1548 struct hci_cp_remote_name_req *cp;
1549 struct hci_conn *conn;
1550
9f1db00c 1551 BT_DBG("%s status 0x%2.2x", hdev->name, status);
127178d2
JH		 1552
1553 /* If successful wait for the name req complete event before
1554 * checking for the need to do authentication */
1555 if (!status)
1556 return;
1557
1558 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1559 if (!cp)
1560 return;
1561
1562 hci_dev_lock(hdev);
1563
b644ba33
JH		 1564 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1565
a8b2d5c2 1566 if (test_bit(HCI_MGMT, &hdev->dev_flags))
b644ba33 1567 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
30dc78e1 1568
79c6c70c
JH		 1569 if (!conn)
1570 goto unlock;
1571
1572 if (!hci_outgoing_auth_needed(hdev, conn))
1573 goto unlock;
1574
51a8efd7 1575 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
c1f23a2b
JB		 1576 struct hci_cp_auth_requested auth_cp;
1577
1578 auth_cp.handle = __cpu_to_le16(conn->handle);
1579 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1580 sizeof(auth_cp), &auth_cp);
127178d2
JH		 1581 }
1582
79c6c70c 1583unlock:
127178d2 1584 hci_dev_unlock(hdev);
a9de9248 1585}
1da177e4 1586
769be974
MH		 1587static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1588{
1589 struct hci_cp_read_remote_features *cp;
1590 struct hci_conn *conn;
1591
9f1db00c 1592 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1593
1594 if (!status)
1595 return;
1596
1597 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1598 if (!cp)
1599 return;
1600
1601 hci_dev_lock(hdev);
1602
1603 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1604 if (conn) {
1605 if (conn->state == BT_CONFIG) {
769be974 1606 hci_proto_connect_cfm(conn, status);
76a68ba0 1607 hci_conn_drop(conn);
769be974
MH		 1608 }
1609 }
1610
1611 hci_dev_unlock(hdev);
1612}
1613
1614static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1615{
1616 struct hci_cp_read_remote_ext_features *cp;
1617 struct hci_conn *conn;
1618
9f1db00c 1619 BT_DBG("%s status 0x%2.2x", hdev->name, status);
769be974
MH		 1620
1621 if (!status)
1622 return;
1623
1624 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1625 if (!cp)
1626 return;
1627
1628 hci_dev_lock(hdev);
1629
1630 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1631 if (conn) {
1632 if (conn->state == BT_CONFIG) {
769be974 1633 hci_proto_connect_cfm(conn, status);
76a68ba0 1634 hci_conn_drop(conn);
769be974
MH		 1635 }
1636 }
1637
1638 hci_dev_unlock(hdev);
1639}
1640
a9de9248
MH		 1641static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1642{
b6a0dc82
MH		 1643 struct hci_cp_setup_sync_conn *cp;
1644 struct hci_conn *acl, *sco;
1645 __u16 handle;
1646
9f1db00c 1647 BT_DBG("%s status 0x%2.2x", hdev->name, status);
b6a0dc82
MH		 1648
1649 if (!status)
1650 return;
1651
1652 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1653 if (!cp)
1654 return;
1655
1656 handle = __le16_to_cpu(cp->handle);
1657
9f1db00c 1658 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
b6a0dc82
MH		 1659
1660 hci_dev_lock(hdev);
1661
1662 acl = hci_conn_hash_lookup_handle(hdev, handle);
5a08ecce
AE		 1663 if (acl) {
1664 sco = acl->link;
1665 if (sco) {
1666 sco->state = BT_CLOSED;
b6a0dc82 1667
5a08ecce
AE		 1668 hci_proto_connect_cfm(sco, status);
1669 hci_conn_del(sco);
1670 }
b6a0dc82
MH		 1671 }
1672
1673 hci_dev_unlock(hdev);
1da177e4
LT		 1674}
1675
a9de9248 1676static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1da177e4 1677{
a9de9248
MH		 1678 struct hci_cp_sniff_mode *cp;
1679 struct hci_conn *conn;
1da177e4 1680
9f1db00c 1681 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1682
a9de9248
MH		 1683 if (!status)
1684 return;
04837f64 1685
a9de9248
MH		 1686 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1687 if (!cp)
1688 return;
04837f64 1689
a9de9248 1690 hci_dev_lock(hdev);
04837f64 1691
a9de9248 1692 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1693 if (conn) {
51a8efd7 1694 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
04837f64 1695
51a8efd7 1696 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1697 hci_sco_setup(conn, status);
1698 }
1699
a9de9248
MH		 1700 hci_dev_unlock(hdev);
1701}
04837f64 1702
a9de9248
MH		 1703static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1704{
1705 struct hci_cp_exit_sniff_mode *cp;
1706 struct hci_conn *conn;
04837f64 1707
9f1db00c 1708 BT_DBG("%s status 0x%2.2x", hdev->name, status);
04837f64 1709
a9de9248
MH		 1710 if (!status)
1711 return;
04837f64 1712
a9de9248
MH		 1713 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1714 if (!cp)
1715 return;
04837f64 1716
a9de9248 1717 hci_dev_lock(hdev);
1da177e4 1718
a9de9248 1719 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
e73439d8 1720 if (conn) {
51a8efd7 1721 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1da177e4 1722
51a8efd7 1723 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8
MH		 1724 hci_sco_setup(conn, status);
1725 }
1726
a9de9248 1727 hci_dev_unlock(hdev);
1da177e4
LT		 1728}
1729
88c3df13
JH		 1730static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1731{
1732 struct hci_cp_disconnect *cp;
1733 struct hci_conn *conn;
1734
1735 if (!status)
1736 return;
1737
1738 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1739 if (!cp)
1740 return;
1741
1742 hci_dev_lock(hdev);
1743
1744 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1745 if (conn)
1746 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
04124681 1747 conn->dst_type, status);
88c3df13
JH		 1748
1749 hci_dev_unlock(hdev);
1750}
1751
a02226d6
AE		 1752static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1753{
93c284ee
AE		 1754 struct hci_cp_create_phy_link *cp;
1755
a02226d6 1756 BT_DBG("%s status 0x%2.2x", hdev->name, status);
93c284ee 1757
93c284ee
AE		 1758 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1759 if (!cp)
1760 return;
1761
e58917b9
AE		 1762 hci_dev_lock(hdev);
1763
1764 if (status) {
1765 struct hci_conn *hcon;
1766
1767 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1768 if (hcon)
1769 hci_conn_del(hcon);
1770 } else {
1771 amp_write_remote_assoc(hdev, cp->phy_handle);
1772 }
1773
1774 hci_dev_unlock(hdev);
a02226d6
AE		 1775}
1776
0b26ab9d
AE		 1777static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1778{
1779 struct hci_cp_accept_phy_link *cp;
1780
1781 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1782
1783 if (status)
1784 return;
1785
1786 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1787 if (!cp)
1788 return;
1789
1790 amp_write_remote_assoc(hdev, cp->phy_handle);
1791}
1792
cb1d68f7
JH		 1793static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
1794{
1795 struct hci_cp_le_create_conn *cp;
1796 struct hci_conn *conn;
1797
1798 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1799
1800 /* All connection failure handling is taken care of by the
1801 * hci_le_conn_failed function which is triggered by the HCI
1802 * request completion callbacks used for connecting.
1803 */
1804 if (status)
1805 return;
1806
1807 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1808 if (!cp)
1809 return;
1810
1811 hci_dev_lock(hdev);
1812
1813 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1814 if (!conn)
1815 goto unlock;
1816
1817 /* Store the initiator and responder address information which
1818 * is needed for SMP. These values will not change during the
1819 * lifetime of the connection.
1820 */
1821 conn->init_addr_type = cp->own_address_type;
1822 if (cp->own_address_type == ADDR_LE_DEV_RANDOM)
1823 bacpy(&conn->init_addr, &hdev->random_addr);
1824 else
1825 bacpy(&conn->init_addr, &hdev->bdaddr);
1826
1827 conn->resp_addr_type = cp->peer_addr_type;
1828 bacpy(&conn->resp_addr, &cp->peer_addr);
1829
9489eca4
JH		 1830 /* We don't want the connection attempt to stick around
1831 * indefinitely since LE doesn't have a page timeout concept
1832 * like BR/EDR. Set a timer for any connection that doesn't use
1833 * the white list for connecting.
1834 */
1835 if (cp->filter_policy == HCI_LE_USE_PEER_ADDR)
1836 queue_delayed_work(conn->hdev->workqueue,
1837 &conn->le_conn_timeout,
1838 HCI_LE_CONN_TIMEOUT);
1839
cb1d68f7
JH		 1840unlock:
1841 hci_dev_unlock(hdev);
1842}
1843
81d0c8ad
JH		 1844static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1845{
1846 struct hci_cp_le_start_enc *cp;
1847 struct hci_conn *conn;
1848
1849 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1850
1851 if (!status)
1852 return;
1853
1854 hci_dev_lock(hdev);
1855
1856 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_START_ENC);
1857 if (!cp)
1858 goto unlock;
1859
1860 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1861 if (!conn)
1862 goto unlock;
1863
1864 if (conn->state != BT_CONNECTED)
1865 goto unlock;
1866
1867 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
1868 hci_conn_drop(conn);
1869
1870unlock:
1871 hci_dev_unlock(hdev);
1872}
1873
6039aa73 1874static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 1875{
1876 __u8 status = *((__u8 *) skb->data);
30dc78e1
JH		 1877 struct discovery_state *discov = &hdev->discovery;
1878 struct inquiry_entry *e;
1da177e4 1879
9f1db00c 1880 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1da177e4 1881
a9de9248 1882 hci_conn_check_pending(hdev);
89352e7d
AG		 1883
1884 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1885 return;
1886
4e857c58 1887 smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */
3e13fa1e
AG		 1888 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1889
a8b2d5c2 1890 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
30dc78e1
JH		 1891 return;
1892
56e5cb86 1893 hci_dev_lock(hdev);
30dc78e1 1894
343f935b 1895 if (discov->state != DISCOVERY_FINDING)
30dc78e1
JH		 1896 goto unlock;
1897
1898 if (list_empty(&discov->resolve)) {
1899 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1900 goto unlock;
1901 }
1902
1903 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1904 if (e && hci_resolve_name(hdev, e) == 0) {
1905 e->name_state = NAME_PENDING;
1906 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1907 } else {
1908 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1909 }
1910
1911unlock:
56e5cb86 1912 hci_dev_unlock(hdev);
1da177e4
LT		 1913}
1914
6039aa73 1915static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1916{
45bb4bf0 1917 struct inquiry_data data;
a9de9248 1918 struct inquiry_info *info = (void *) (skb->data + 1);
1da177e4
LT		 1919 int num_rsp = *((__u8 *) skb->data);
1920
1921 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1922
45bb4bf0
MH		 1923 if (!num_rsp)
1924 return;
1925
1519cc17
AG		 1926 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1927 return;
1928
1da177e4 1929 hci_dev_lock(hdev);
45bb4bf0 1930
e17acd40 1931 for (; num_rsp; num_rsp--, info++) {
388fc8fa 1932 bool name_known, ssp;
3175405b 1933
1da177e4
LT		 1934 bacpy(&data.bdaddr, &info->bdaddr);
1935 data.pscan_rep_mode = info->pscan_rep_mode;
1936 data.pscan_period_mode = info->pscan_period_mode;
1937 data.pscan_mode = info->pscan_mode;
1938 memcpy(data.dev_class, info->dev_class, 3);
1939 data.clock_offset = info->clock_offset;
1940 data.rssi = 0x00;
41a96212 1941 data.ssp_mode = 0x00;
3175405b 1942
388fc8fa 1943 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
48264f06 1944 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 1945 info->dev_class, 0, !name_known, ssp, NULL,
5d2e9fad 1946 0, NULL, 0);
1da177e4 1947 }
45bb4bf0 1948
1da177e4
LT		 1949 hci_dev_unlock(hdev);
1950}
1951
6039aa73 1952static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 1953{
a9de9248
MH		 1954 struct hci_ev_conn_complete *ev = (void *) skb->data;
1955 struct hci_conn *conn;
1da177e4
LT		 1956
1957 BT_DBG("%s", hdev->name);
1958
1959 hci_dev_lock(hdev);
1960
1961 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9499237a
MH		 1962 if (!conn) {
1963 if (ev->link_type != SCO_LINK)
1964 goto unlock;
1965
1966 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1967 if (!conn)
1968 goto unlock;
1969
1970 conn->type = SCO_LINK;
1971 }
1da177e4
LT		 1972
1973 if (!ev->status) {
1974 conn->handle = __le16_to_cpu(ev->handle);
769be974
MH		 1975
1976 if (conn->type == ACL_LINK) {
1977 conn->state = BT_CONFIG;
1978 hci_conn_hold(conn);
a9ea3ed9
SJ		 1979
1980 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1981 !hci_find_link_key(hdev, &ev->bdaddr))
1982 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1983 else
1984 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
769be974
MH		 1985 } else
1986 conn->state = BT_CONNECTED;
1da177e4 1987
7d0db0a3
MH		 1988 hci_conn_add_sysfs(conn);
1989
1da177e4
LT		 1990 if (test_bit(HCI_AUTH, &hdev->flags))
1991 conn->link_mode |= HCI_LM_AUTH;
1992
1993 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1994 conn->link_mode |= HCI_LM_ENCRYPT;
1995
04837f64
MH		 1996 /* Get remote features */
1997 if (conn->type == ACL_LINK) {
1998 struct hci_cp_read_remote_features cp;
1999 cp.handle = ev->handle;
769be974 2000 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
04124681 2001 sizeof(cp), &cp);
04837f64
MH		 2002 }
2003
1da177e4 2004 /* Set packet type for incoming connection */
d095c1eb 2005 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1da177e4
LT		 2006 struct hci_cp_change_conn_ptype cp;
2007 cp.handle = ev->handle;
a8746417 2008 cp.pkt_type = cpu_to_le16(conn->pkt_type);
04124681
GP		 2009 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
2010 &cp);
1da177e4 2011 }
17d5c04c 2012 } else {
1da177e4 2013 conn->state = BT_CLOSED;
17d5c04c 2014 if (conn->type == ACL_LINK)
64c7b77c 2015 mgmt_connect_failed(hdev, &conn->dst, conn->type,
04124681 2016 conn->dst_type, ev->status);
17d5c04c 2017 }
1da177e4 2018
e73439d8
MH		 2019 if (conn->type == ACL_LINK)
2020 hci_sco_setup(conn, ev->status);
1da177e4 2021
769be974
MH		 2022 if (ev->status) {
2023 hci_proto_connect_cfm(conn, ev->status);
1da177e4 2024 hci_conn_del(conn);
c89b6e6b
MH		 2025 } else if (ev->link_type != ACL_LINK)
2026 hci_proto_connect_cfm(conn, ev->status);
1da177e4 2027
a9de9248 2028unlock:
1da177e4 2029 hci_dev_unlock(hdev);
1da177e4 2030
a9de9248 2031 hci_conn_check_pending(hdev);
1da177e4
LT		 2032}
2033
6039aa73 2034static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2035{
a9de9248
MH		 2036 struct hci_ev_conn_request *ev = (void *) skb->data;
2037 int mask = hdev->link_mode;
20714bfe 2038 __u8 flags = 0;
1da177e4 2039
6ed93dc6 2040 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
807deac2 2041 ev->link_type);
1da177e4 2042
20714bfe
FD		 2043 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
2044 &flags);
1da177e4 2045
138d22ef 2046 if ((mask & HCI_LM_ACCEPT) &&
b9ee0a78 2047 !hci_blacklist_lookup(hdev, &ev->bdaddr, BDADDR_BREDR)) {
a9de9248 2048 /* Connection accepted */
c7bdd502 2049 struct inquiry_entry *ie;
1da177e4 2050 struct hci_conn *conn;
1da177e4 2051
a9de9248 2052 hci_dev_lock(hdev);
b6a0dc82 2053
cc11b9c1
AE		 2054 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2055 if (ie)
c7bdd502
MH		 2056 memcpy(ie->data.dev_class, ev->dev_class, 3);
2057
8fc9ced3
GP		 2058 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2059 &ev->bdaddr);
a9de9248 2060 if (!conn) {
cc11b9c1
AE		 2061 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
2062 if (!conn) {
893ef971 2063 BT_ERR("No memory for new connection");
a9de9248
MH		 2064 hci_dev_unlock(hdev);
2065 return;
1da177e4
LT		 2066 }
2067 }
b6a0dc82 2068
a9de9248 2069 memcpy(conn->dev_class, ev->dev_class, 3);
b6a0dc82 2070
a9de9248 2071 hci_dev_unlock(hdev);
1da177e4 2072
20714bfe
FD		 2073 if (ev->link_type == ACL_LINK ||
2074 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
b6a0dc82 2075 struct hci_cp_accept_conn_req cp;
20714bfe 2076 conn->state = BT_CONNECT;
1da177e4 2077
b6a0dc82
MH		 2078 bacpy(&cp.bdaddr, &ev->bdaddr);
2079
2080 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2081 cp.role = 0x00; /* Become master */
2082 else
2083 cp.role = 0x01; /* Remain slave */
2084
04124681
GP		 2085 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
2086 &cp);
20714bfe 2087 } else if (!(flags & HCI_PROTO_DEFER)) {
b6a0dc82 2088 struct hci_cp_accept_sync_conn_req cp;
20714bfe 2089 conn->state = BT_CONNECT;
b6a0dc82
MH		 2090
2091 bacpy(&cp.bdaddr, &ev->bdaddr);
a8746417 2092 cp.pkt_type = cpu_to_le16(conn->pkt_type);
b6a0dc82 2093
dcf4adbf
JP		 2094 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
2095 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
2096 cp.max_latency = cpu_to_le16(0xffff);
b6a0dc82
MH		 2097 cp.content_format = cpu_to_le16(hdev->voice_setting);
2098 cp.retrans_effort = 0xff;
1da177e4 2099
b6a0dc82 2100 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
04124681 2101 sizeof(cp), &cp);
20714bfe
FD		 2102 } else {
2103 conn->state = BT_CONNECT2;
2104 hci_proto_connect_cfm(conn, 0);
b6a0dc82 2105 }
a9de9248
MH		 2106 } else {
2107 /* Connection rejected */
2108 struct hci_cp_reject_conn_req cp;
1da177e4 2109
a9de9248 2110 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 2111 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
a9de9248 2112 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1da177e4 2113 }
1da177e4
LT		 2114}
2115
f0d6a0ea
MA		 2116static u8 hci_to_mgmt_reason(u8 err)
2117{
2118 switch (err) {
2119 case HCI_ERROR_CONNECTION_TIMEOUT:
2120 return MGMT_DEV_DISCONN_TIMEOUT;
2121 case HCI_ERROR_REMOTE_USER_TERM:
2122 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2123 case HCI_ERROR_REMOTE_POWER_OFF:
2124 return MGMT_DEV_DISCONN_REMOTE;
2125 case HCI_ERROR_LOCAL_HOST_TERM:
2126 return MGMT_DEV_DISCONN_LOCAL_HOST;
2127 default:
2128 return MGMT_DEV_DISCONN_UNKNOWN;
2129 }
2130}
2131
6039aa73 2132static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2133{
a9de9248 2134 struct hci_ev_disconn_complete *ev = (void *) skb->data;
abf54a50 2135 u8 reason = hci_to_mgmt_reason(ev->reason);
9fcb18ef 2136 struct hci_conn_params *params;
04837f64 2137 struct hci_conn *conn;
12d4a3b2 2138 bool mgmt_connected;
3846220b 2139 u8 type;
04837f64 2140
9f1db00c 2141 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2142
2143 hci_dev_lock(hdev);
2144
2145 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
f7520543
JH		 2146 if (!conn)
2147 goto unlock;
7d0db0a3 2148
abf54a50
AG		 2149 if (ev->status) {
2150 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2151 conn->dst_type, ev->status);
2152 goto unlock;
37d9ef76 2153 }
f7520543 2154
3846220b
AG		 2155 conn->state = BT_CLOSED;
2156
12d4a3b2
JH		 2157 mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
2158 mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
2159 reason, mgmt_connected);
abf54a50 2160
3846220b
AG		 2161 if (conn->type == ACL_LINK && conn->flush_key)
2162 hci_remove_link_key(hdev, &conn->dst);
2210246c 2163
9fcb18ef
AG		 2164 params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
2165 if (params) {
2166 switch (params->auto_connect) {
2167 case HCI_AUTO_CONN_LINK_LOSS:
2168 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
2169 break;
2170 /* Fall through */
2171
2172 case HCI_AUTO_CONN_ALWAYS:
2173 hci_pend_le_conn_add(hdev, &conn->dst, conn->dst_type);
2174 break;
2175
2176 default:
2177 break;
2178 }
2179 }
2180
3846220b 2181 type = conn->type;
2210246c 2182
3846220b
AG		 2183 hci_proto_disconn_cfm(conn, ev->reason);
2184 hci_conn_del(conn);
2185
2186 /* Re-enable advertising if necessary, since it might
2187 * have been disabled by the connection. From the
2188 * HCI_LE_Set_Advertise_Enable command description in
2189 * the core specification (v4.0):
2190 * "The Controller shall continue advertising until the Host
2191 * issues an LE_Set_Advertise_Enable command with
2192 * Advertising_Enable set to 0x00 (Advertising is disabled)
2193 * or until a connection is created or until the Advertising
2194 * is timed out due to Directed Advertising."
2195 */
2196 if (type == LE_LINK)
2197 mgmt_reenable_advertising(hdev);
f7520543
JH		 2198
2199unlock:
04837f64
MH		 2200 hci_dev_unlock(hdev);
2201}
2202
6039aa73 2203static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2204{
a9de9248 2205 struct hci_ev_auth_complete *ev = (void *) skb->data;
04837f64 2206 struct hci_conn *conn;
1da177e4 2207
9f1db00c 2208 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2209
2210 hci_dev_lock(hdev);
2211
04837f64 2212 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
d7556e20
WR		 2213 if (!conn)
2214 goto unlock;
2215
2216 if (!ev->status) {
aa64a8b5 2217 if (!hci_conn_ssp_enabled(conn) &&
807deac2 2218 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
d7556e20 2219 BT_INFO("re-auth of legacy device is not possible.");
2a611692 2220 } else {
d7556e20
WR		 2221 conn->link_mode |= HCI_LM_AUTH;
2222 conn->sec_level = conn->pending_sec_level;
2a611692 2223 }
d7556e20 2224 } else {
bab73cb6 2225 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 2226 ev->status);
d7556e20 2227 }
1da177e4 2228
51a8efd7
JH		 2229 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2230 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1da177e4 2231
d7556e20 2232 if (conn->state == BT_CONFIG) {
aa64a8b5 2233 if (!ev->status && hci_conn_ssp_enabled(conn)) {
d7556e20
WR		 2234 struct hci_cp_set_conn_encrypt cp;
2235 cp.handle = ev->handle;
2236 cp.encrypt = 0x01;
2237 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2238 &cp);
052b30b0 2239 } else {
d7556e20
WR		 2240 conn->state = BT_CONNECTED;
2241 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2242 hci_conn_drop(conn);
052b30b0 2243 }
d7556e20
WR		 2244 } else {
2245 hci_auth_cfm(conn, ev->status);
052b30b0 2246
d7556e20
WR		 2247 hci_conn_hold(conn);
2248 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 2249 hci_conn_drop(conn);
d7556e20
WR		 2250 }
2251
51a8efd7 2252 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
d7556e20
WR		 2253 if (!ev->status) {
2254 struct hci_cp_set_conn_encrypt cp;
2255 cp.handle = ev->handle;
2256 cp.encrypt = 0x01;
2257 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
807deac2 2258 &cp);
d7556e20 2259 } else {
51a8efd7 2260 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
d7556e20 2261 hci_encrypt_cfm(conn, ev->status, 0x00);
1da177e4
LT		 2262 }
2263 }
2264
d7556e20 2265unlock:
1da177e4
LT		 2266 hci_dev_unlock(hdev);
2267}
2268
6039aa73 2269static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 2270{
127178d2
JH		 2271 struct hci_ev_remote_name *ev = (void *) skb->data;
2272 struct hci_conn *conn;
2273
a9de9248 2274 BT_DBG("%s", hdev->name);
1da177e4 2275
a9de9248 2276 hci_conn_check_pending(hdev);
127178d2
JH		 2277
2278 hci_dev_lock(hdev);
2279
b644ba33 2280 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
30dc78e1 2281
b644ba33
JH		 2282 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2283 goto check_auth;
a88a9652 2284
b644ba33
JH		 2285 if (ev->status == 0)
2286 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
04124681 2287 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
b644ba33
JH		 2288 else
2289 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2290
2291check_auth:
79c6c70c
JH		 2292 if (!conn)
2293 goto unlock;
2294
2295 if (!hci_outgoing_auth_needed(hdev, conn))
2296 goto unlock;
2297
51a8efd7 2298 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
127178d2
JH		 2299 struct hci_cp_auth_requested cp;
2300 cp.handle = __cpu_to_le16(conn->handle);
2301 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2302 }
2303
79c6c70c 2304unlock:
127178d2 2305 hci_dev_unlock(hdev);
a9de9248
MH		 2306}
2307
6039aa73 2308static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2309{
2310 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2311 struct hci_conn *conn;
2312
9f1db00c 2313 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2314
2315 hci_dev_lock(hdev);
2316
04837f64 2317 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
dc8357cc
MH		 2318 if (!conn)
2319 goto unlock;
1da177e4 2320
dc8357cc
MH		 2321 if (!ev->status) {
2322 if (ev->encrypt) {
2323 /* Encryption implies authentication */
2324 conn->link_mode |= HCI_LM_AUTH;
2325 conn->link_mode |= HCI_LM_ENCRYPT;
2326 conn->sec_level = conn->pending_sec_level;
abf76bad 2327
914a6ffe
MH		 2328 /* P-256 authentication key implies FIPS */
2329 if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256)
2330 conn->link_mode |= HCI_LM_FIPS;
2331
abf76bad
MH		 2332 if ((conn->type == ACL_LINK && ev->encrypt == 0x02) ||
2333 conn->type == LE_LINK)
2334 set_bit(HCI_CONN_AES_CCM, &conn->flags);
2335 } else {
dc8357cc 2336 conn->link_mode &= ~HCI_LM_ENCRYPT;
abf76bad
MH		 2337 clear_bit(HCI_CONN_AES_CCM, &conn->flags);
2338 }
dc8357cc 2339 }
a7d7723a 2340
dc8357cc 2341 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
f8558555 2342
dc8357cc
MH		 2343 if (ev->status && conn->state == BT_CONNECTED) {
2344 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2345 hci_conn_drop(conn);
2346 goto unlock;
1da177e4
LT		 2347 }
2348
dc8357cc
MH		 2349 if (conn->state == BT_CONFIG) {
2350 if (!ev->status)
2351 conn->state = BT_CONNECTED;
2352
40b552aa
MH		 2353 /* In Secure Connections Only mode, do not allow any
2354 * connections that are not encrypted with AES-CCM
2355 * using a P-256 authenticated combination key.
2356 */
2357 if (test_bit(HCI_SC_ONLY, &hdev->dev_flags) &&
2358 (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
2359 conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
2360 hci_proto_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
2361 hci_conn_drop(conn);
2362 goto unlock;
2363 }
2364
dc8357cc
MH		 2365 hci_proto_connect_cfm(conn, ev->status);
2366 hci_conn_drop(conn);
2367 } else
2368 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2369
a7d7723a 2370unlock:
1da177e4
LT		 2371 hci_dev_unlock(hdev);
2372}
2373
6039aa73
GP		 2374static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2375 struct sk_buff *skb)
1da177e4 2376{
a9de9248 2377 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
04837f64 2378 struct hci_conn *conn;
1da177e4 2379
9f1db00c 2380 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 2381
2382 hci_dev_lock(hdev);
2383
04837f64 2384 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 2385 if (conn) {
2386 if (!ev->status)
2387 conn->link_mode |= HCI_LM_SECURE;
2388
51a8efd7 2389 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1da177e4
LT		 2390
2391 hci_key_change_cfm(conn, ev->status);
2392 }
2393
2394 hci_dev_unlock(hdev);
2395}
2396
6039aa73
GP		 2397static void hci_remote_features_evt(struct hci_dev *hdev,
2398 struct sk_buff *skb)
1da177e4 2399{
a9de9248
MH		 2400 struct hci_ev_remote_features *ev = (void *) skb->data;
2401 struct hci_conn *conn;
2402
9f1db00c 2403 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248 2404
a9de9248
MH		 2405 hci_dev_lock(hdev);
2406
2407 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 2408 if (!conn)
2409 goto unlock;
769be974 2410
ccd556fe 2411 if (!ev->status)
cad718ed 2412 memcpy(conn->features[0], ev->features, 8);
ccd556fe
JH		 2413
2414 if (conn->state != BT_CONFIG)
2415 goto unlock;
2416
2417 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2418 struct hci_cp_read_remote_ext_features cp;
2419 cp.handle = ev->handle;
2420 cp.page = 0x01;
2421 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
807deac2 2422 sizeof(cp), &cp);
392599b9
JH		 2423 goto unlock;
2424 }
2425
671267bf 2426 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 2427 struct hci_cp_remote_name_req cp;
2428 memset(&cp, 0, sizeof(cp));
2429 bacpy(&cp.bdaddr, &conn->dst);
2430 cp.pscan_rep_mode = 0x02;
2431 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 2432 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2433 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 2434 conn->dst_type, 0, NULL, 0,
2435 conn->dev_class);
392599b9 2436
127178d2 2437 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 2438 conn->state = BT_CONNECTED;
2439 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 2440 hci_conn_drop(conn);
769be974 2441 }
a9de9248 2442
ccd556fe 2443unlock:
a9de9248 2444 hci_dev_unlock(hdev);
1da177e4
LT		 2445}
2446
6039aa73 2447static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2448{
2449 struct hci_ev_cmd_complete *ev = (void *) skb->data;
9238f36a 2450 u8 status = skb->data[sizeof(*ev)];
a9de9248
MH		 2451 __u16 opcode;
2452
2453 skb_pull(skb, sizeof(*ev));
2454
2455 opcode = __le16_to_cpu(ev->opcode);
2456
2457 switch (opcode) {
2458 case HCI_OP_INQUIRY_CANCEL:
2459 hci_cc_inquiry_cancel(hdev, skb);
2460 break;
2461
4d93483b
AG		 2462 case HCI_OP_PERIODIC_INQ:
2463 hci_cc_periodic_inq(hdev, skb);
2464 break;
2465
a9de9248
MH		 2466 case HCI_OP_EXIT_PERIODIC_INQ:
2467 hci_cc_exit_periodic_inq(hdev, skb);
2468 break;
2469
2470 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2471 hci_cc_remote_name_req_cancel(hdev, skb);
2472 break;
2473
2474 case HCI_OP_ROLE_DISCOVERY:
2475 hci_cc_role_discovery(hdev, skb);
2476 break;
2477
e4e8e37c
MH		 2478 case HCI_OP_READ_LINK_POLICY:
2479 hci_cc_read_link_policy(hdev, skb);
2480 break;
2481
a9de9248
MH		 2482 case HCI_OP_WRITE_LINK_POLICY:
2483 hci_cc_write_link_policy(hdev, skb);
2484 break;
2485
e4e8e37c
MH		 2486 case HCI_OP_READ_DEF_LINK_POLICY:
2487 hci_cc_read_def_link_policy(hdev, skb);
2488 break;
2489
2490 case HCI_OP_WRITE_DEF_LINK_POLICY:
2491 hci_cc_write_def_link_policy(hdev, skb);
2492 break;
2493
a9de9248
MH		 2494 case HCI_OP_RESET:
2495 hci_cc_reset(hdev, skb);
2496 break;
2497
2498 case HCI_OP_WRITE_LOCAL_NAME:
2499 hci_cc_write_local_name(hdev, skb);
2500 break;
2501
2502 case HCI_OP_READ_LOCAL_NAME:
2503 hci_cc_read_local_name(hdev, skb);
2504 break;
2505
2506 case HCI_OP_WRITE_AUTH_ENABLE:
2507 hci_cc_write_auth_enable(hdev, skb);
2508 break;
2509
2510 case HCI_OP_WRITE_ENCRYPT_MODE:
2511 hci_cc_write_encrypt_mode(hdev, skb);
2512 break;
2513
2514 case HCI_OP_WRITE_SCAN_ENABLE:
2515 hci_cc_write_scan_enable(hdev, skb);
2516 break;
2517
2518 case HCI_OP_READ_CLASS_OF_DEV:
2519 hci_cc_read_class_of_dev(hdev, skb);
2520 break;
2521
2522 case HCI_OP_WRITE_CLASS_OF_DEV:
2523 hci_cc_write_class_of_dev(hdev, skb);
2524 break;
2525
2526 case HCI_OP_READ_VOICE_SETTING:
2527 hci_cc_read_voice_setting(hdev, skb);
2528 break;
2529
2530 case HCI_OP_WRITE_VOICE_SETTING:
2531 hci_cc_write_voice_setting(hdev, skb);
2532 break;
2533
b4cb9fb2
MH		 2534 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2535 hci_cc_read_num_supported_iac(hdev, skb);
2536 break;
2537
333140b5
MH		 2538 case HCI_OP_WRITE_SSP_MODE:
2539 hci_cc_write_ssp_mode(hdev, skb);
2540 break;
2541
eac83dc6
MH		 2542 case HCI_OP_WRITE_SC_SUPPORT:
2543 hci_cc_write_sc_support(hdev, skb);
2544 break;
2545
a9de9248
MH		 2546 case HCI_OP_READ_LOCAL_VERSION:
2547 hci_cc_read_local_version(hdev, skb);
2548 break;
2549
2550 case HCI_OP_READ_LOCAL_COMMANDS:
2551 hci_cc_read_local_commands(hdev, skb);
2552 break;
2553
2554 case HCI_OP_READ_LOCAL_FEATURES:
2555 hci_cc_read_local_features(hdev, skb);
2556 break;
2557
971e3a4b
AG		 2558 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2559 hci_cc_read_local_ext_features(hdev, skb);
2560 break;
2561
a9de9248
MH		 2562 case HCI_OP_READ_BUFFER_SIZE:
2563 hci_cc_read_buffer_size(hdev, skb);
2564 break;
2565
2566 case HCI_OP_READ_BD_ADDR:
2567 hci_cc_read_bd_addr(hdev, skb);
2568 break;
2569
f332ec66
JH		 2570 case HCI_OP_READ_PAGE_SCAN_ACTIVITY:
2571 hci_cc_read_page_scan_activity(hdev, skb);
2572 break;
2573
4a3ee763
JH		 2574 case HCI_OP_WRITE_PAGE_SCAN_ACTIVITY:
2575 hci_cc_write_page_scan_activity(hdev, skb);
2576 break;
2577
f332ec66
JH		 2578 case HCI_OP_READ_PAGE_SCAN_TYPE:
2579 hci_cc_read_page_scan_type(hdev, skb);
2580 break;
2581
4a3ee763
JH		 2582 case HCI_OP_WRITE_PAGE_SCAN_TYPE:
2583 hci_cc_write_page_scan_type(hdev, skb);
2584 break;
2585
350ee4cf
AE		 2586 case HCI_OP_READ_DATA_BLOCK_SIZE:
2587 hci_cc_read_data_block_size(hdev, skb);
2588 break;
2589
1e89cffb
AE		 2590 case HCI_OP_READ_FLOW_CONTROL_MODE:
2591 hci_cc_read_flow_control_mode(hdev, skb);
2592 break;
2593
928abaa7
AE		 2594 case HCI_OP_READ_LOCAL_AMP_INFO:
2595 hci_cc_read_local_amp_info(hdev, skb);
2596 break;
2597
903e4541
AE		 2598 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2599 hci_cc_read_local_amp_assoc(hdev, skb);
2600 break;
2601
d5859e22
JH		 2602 case HCI_OP_READ_INQ_RSP_TX_POWER:
2603 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2604 break;
2605
980e1a53
JH		 2606 case HCI_OP_PIN_CODE_REPLY:
2607 hci_cc_pin_code_reply(hdev, skb);
2608 break;
2609
2610 case HCI_OP_PIN_CODE_NEG_REPLY:
2611 hci_cc_pin_code_neg_reply(hdev, skb);
2612 break;
2613
c35938b2 2614 case HCI_OP_READ_LOCAL_OOB_DATA:
4d2d2796
MH		 2615 hci_cc_read_local_oob_data(hdev, skb);
2616 break;
2617
2618 case HCI_OP_READ_LOCAL_OOB_EXT_DATA:
2619 hci_cc_read_local_oob_ext_data(hdev, skb);
c35938b2
SJ		 2620 break;
2621
6ed58ec5
VT		 2622 case HCI_OP_LE_READ_BUFFER_SIZE:
2623 hci_cc_le_read_buffer_size(hdev, skb);
2624 break;
2625
60e77321
JH		 2626 case HCI_OP_LE_READ_LOCAL_FEATURES:
2627 hci_cc_le_read_local_features(hdev, skb);
2628 break;
2629
8fa19098
JH		 2630 case HCI_OP_LE_READ_ADV_TX_POWER:
2631 hci_cc_le_read_adv_tx_power(hdev, skb);
2632 break;
2633
a5c29683
JH		 2634 case HCI_OP_USER_CONFIRM_REPLY:
2635 hci_cc_user_confirm_reply(hdev, skb);
2636 break;
2637
2638 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2639 hci_cc_user_confirm_neg_reply(hdev, skb);
2640 break;
2641
1143d458
BG		 2642 case HCI_OP_USER_PASSKEY_REPLY:
2643 hci_cc_user_passkey_reply(hdev, skb);
2644 break;
2645
2646 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2647 hci_cc_user_passkey_neg_reply(hdev, skb);
16cde993 2648 break;
07f7fa5d 2649
7a4cd51d
MH		 2650 case HCI_OP_LE_SET_RANDOM_ADDR:
2651 hci_cc_le_set_random_addr(hdev, skb);
2652 break;
2653
c1d5dc4a
JH		 2654 case HCI_OP_LE_SET_ADV_ENABLE:
2655 hci_cc_le_set_adv_enable(hdev, skb);
2656 break;
2657
533553f8
MH		 2658 case HCI_OP_LE_SET_SCAN_PARAM:
2659 hci_cc_le_set_scan_param(hdev, skb);
2660 break;
2661
eb9d91f5
AG		 2662 case HCI_OP_LE_SET_SCAN_ENABLE:
2663 hci_cc_le_set_scan_enable(hdev, skb);
2664 break;
2665
cf1d081f
JH		 2666 case HCI_OP_LE_READ_WHITE_LIST_SIZE:
2667 hci_cc_le_read_white_list_size(hdev, skb);
2668 break;
2669
0f36b589
MH		 2670 case HCI_OP_LE_CLEAR_WHITE_LIST:
2671 hci_cc_le_clear_white_list(hdev, skb);
2672 break;
2673
2674 case HCI_OP_LE_ADD_TO_WHITE_LIST:
2675 hci_cc_le_add_to_white_list(hdev, skb);
2676 break;
2677
2678 case HCI_OP_LE_DEL_FROM_WHITE_LIST:
2679 hci_cc_le_del_from_white_list(hdev, skb);
2680 break;
2681
9b008c04
JH		 2682 case HCI_OP_LE_READ_SUPPORTED_STATES:
2683 hci_cc_le_read_supported_states(hdev, skb);
2684 break;
2685
f9b49306
AG		 2686 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2687 hci_cc_write_le_host_supported(hdev, skb);
2688 break;
2689
56ed2cb8
JH		 2690 case HCI_OP_LE_SET_ADV_PARAM:
2691 hci_cc_set_adv_param(hdev, skb);
2692 break;
2693
93c284ee
AE		 2694 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2695 hci_cc_write_remote_amp_assoc(hdev, skb);
2696 break;
2697
5ae76a94
AK		 2698 case HCI_OP_READ_RSSI:
2699 hci_cc_read_rssi(hdev, skb);
2700 break;
2701
5a134fae
AK		 2702 case HCI_OP_READ_TX_POWER:
2703 hci_cc_read_tx_power(hdev, skb);
2704 break;
2705
a9de9248 2706 default:
9f1db00c 2707 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2708 break;
2709 }
2710
ad82cdd1 2711 if (opcode != HCI_OP_NOP)
6bd32326
VT		 2712 del_timer(&hdev->cmd_timer);
2713
ad82cdd1 2714 hci_req_cmd_complete(hdev, opcode, status);
9238f36a 2715
dbccd791 2716 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2717 atomic_set(&hdev->cmd_cnt, 1);
2718 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2719 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2720 }
2721}
2722
6039aa73 2723static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2724{
2725 struct hci_ev_cmd_status *ev = (void *) skb->data;
2726 __u16 opcode;
2727
2728 skb_pull(skb, sizeof(*ev));
2729
2730 opcode = __le16_to_cpu(ev->opcode);
2731
2732 switch (opcode) {
2733 case HCI_OP_INQUIRY:
2734 hci_cs_inquiry(hdev, ev->status);
2735 break;
2736
2737 case HCI_OP_CREATE_CONN:
2738 hci_cs_create_conn(hdev, ev->status);
2739 break;
2740
2741 case HCI_OP_ADD_SCO:
2742 hci_cs_add_sco(hdev, ev->status);
2743 break;
2744
f8558555
MH		 2745 case HCI_OP_AUTH_REQUESTED:
2746 hci_cs_auth_requested(hdev, ev->status);
2747 break;
2748
2749 case HCI_OP_SET_CONN_ENCRYPT:
2750 hci_cs_set_conn_encrypt(hdev, ev->status);
2751 break;
2752
a9de9248
MH		 2753 case HCI_OP_REMOTE_NAME_REQ:
2754 hci_cs_remote_name_req(hdev, ev->status);
2755 break;
2756
769be974
MH		 2757 case HCI_OP_READ_REMOTE_FEATURES:
2758 hci_cs_read_remote_features(hdev, ev->status);
2759 break;
2760
2761 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2762 hci_cs_read_remote_ext_features(hdev, ev->status);
2763 break;
2764
a9de9248
MH		 2765 case HCI_OP_SETUP_SYNC_CONN:
2766 hci_cs_setup_sync_conn(hdev, ev->status);
2767 break;
2768
2769 case HCI_OP_SNIFF_MODE:
2770 hci_cs_sniff_mode(hdev, ev->status);
2771 break;
2772
2773 case HCI_OP_EXIT_SNIFF_MODE:
2774 hci_cs_exit_sniff_mode(hdev, ev->status);
2775 break;
2776
8962ee74 2777 case HCI_OP_DISCONNECT:
88c3df13 2778 hci_cs_disconnect(hdev, ev->status);
8962ee74
JH		 2779 break;
2780
a02226d6
AE		 2781 case HCI_OP_CREATE_PHY_LINK:
2782 hci_cs_create_phylink(hdev, ev->status);
2783 break;
2784
0b26ab9d
AE		 2785 case HCI_OP_ACCEPT_PHY_LINK:
2786 hci_cs_accept_phylink(hdev, ev->status);
2787 break;
2788
cb1d68f7
JH		 2789 case HCI_OP_LE_CREATE_CONN:
2790 hci_cs_le_create_conn(hdev, ev->status);
2791 break;
2792
81d0c8ad
JH		 2793 case HCI_OP_LE_START_ENC:
2794 hci_cs_le_start_enc(hdev, ev->status);
2795 break;
2796
a9de9248 2797 default:
9f1db00c 2798 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
a9de9248
MH		 2799 break;
2800 }
2801
ad82cdd1 2802 if (opcode != HCI_OP_NOP)
6bd32326
VT		 2803 del_timer(&hdev->cmd_timer);
2804
02350a72
JH		 2805 if (ev->status ||
2806 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2807 hci_req_cmd_complete(hdev, opcode, ev->status);
9238f36a 2808
10572132 2809 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
a9de9248
MH		 2810 atomic_set(&hdev->cmd_cnt, 1);
2811 if (!skb_queue_empty(&hdev->cmd_q))
c347b765 2812 queue_work(hdev->workqueue, &hdev->cmd_work);
a9de9248
MH		 2813 }
2814}
2815
6039aa73 2816static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2817{
2818 struct hci_ev_role_change *ev = (void *) skb->data;
2819 struct hci_conn *conn;
2820
9f1db00c 2821 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a9de9248
MH		 2822
2823 hci_dev_lock(hdev);
2824
2825 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2826 if (conn) {
2827 if (!ev->status) {
2828 if (ev->role)
2829 conn->link_mode &= ~HCI_LM_MASTER;
2830 else
2831 conn->link_mode |= HCI_LM_MASTER;
2832 }
2833
51a8efd7 2834 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
a9de9248
MH		 2835
2836 hci_role_switch_cfm(conn, ev->status, ev->role);
2837 }
2838
2839 hci_dev_unlock(hdev);
2840}
2841
6039aa73 2842static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248
MH		 2843{
2844 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
a9de9248
MH		 2845 int i;
2846
32ac5b9b
AE		 2847 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2848 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2849 return;
2850 }
2851
c5993de8 2852 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2853 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
a9de9248
MH		 2854 BT_DBG("%s bad parameters", hdev->name);
2855 return;
2856 }
2857
c5993de8
AE		 2858 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2859
613a1c0c
AE		 2860 for (i = 0; i < ev->num_hndl; i++) {
2861 struct hci_comp_pkts_info *info = &ev->handles[i];
a9de9248
MH		 2862 struct hci_conn *conn;
2863 __u16 handle, count;
2864
613a1c0c
AE		 2865 handle = __le16_to_cpu(info->handle);
2866 count = __le16_to_cpu(info->count);
a9de9248
MH		 2867
2868 conn = hci_conn_hash_lookup_handle(hdev, handle);
f4280918
AE		 2869 if (!conn)
2870 continue;
2871
2872 conn->sent -= count;
2873
2874 switch (conn->type) {
2875 case ACL_LINK:
2876 hdev->acl_cnt += count;
2877 if (hdev->acl_cnt > hdev->acl_pkts)
2878 hdev->acl_cnt = hdev->acl_pkts;
2879 break;
2880
2881 case LE_LINK:
2882 if (hdev->le_pkts) {
2883 hdev->le_cnt += count;
2884 if (hdev->le_cnt > hdev->le_pkts)
2885 hdev->le_cnt = hdev->le_pkts;
2886 } else {
70f23020
AE		 2887 hdev->acl_cnt += count;
2888 if (hdev->acl_cnt > hdev->acl_pkts)
a9de9248 2889 hdev->acl_cnt = hdev->acl_pkts;
a9de9248 2890 }
f4280918
AE		 2891 break;
2892
2893 case SCO_LINK:
2894 hdev->sco_cnt += count;
2895 if (hdev->sco_cnt > hdev->sco_pkts)
2896 hdev->sco_cnt = hdev->sco_pkts;
2897 break;
2898
2899 default:
2900 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2901 break;
a9de9248
MH		 2902 }
2903 }
2904
3eff45ea 2905 queue_work(hdev->workqueue, &hdev->tx_work);
a9de9248
MH		 2906}
2907
76ef7cf7
AE		 2908static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2909 __u16 handle)
2910{
2911 struct hci_chan *chan;
2912
2913 switch (hdev->dev_type) {
2914 case HCI_BREDR:
2915 return hci_conn_hash_lookup_handle(hdev, handle);
2916 case HCI_AMP:
2917 chan = hci_chan_lookup_handle(hdev, handle);
2918 if (chan)
2919 return chan->conn;
2920 break;
2921 default:
2922 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2923 break;
2924 }
2925
2926 return NULL;
2927}
2928
6039aa73 2929static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
25e89e99
AE		 2930{
2931 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2932 int i;
2933
2934 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2935 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2936 return;
2937 }
2938
2939 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
807deac2 2940 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
25e89e99
AE		 2941 BT_DBG("%s bad parameters", hdev->name);
2942 return;
2943 }
2944
2945 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
807deac2 2946 ev->num_hndl);
25e89e99
AE		 2947
2948 for (i = 0; i < ev->num_hndl; i++) {
2949 struct hci_comp_blocks_info *info = &ev->handles[i];
76ef7cf7 2950 struct hci_conn *conn = NULL;
25e89e99
AE		 2951 __u16 handle, block_count;
2952
2953 handle = __le16_to_cpu(info->handle);
2954 block_count = __le16_to_cpu(info->blocks);
2955
76ef7cf7 2956 conn = __hci_conn_lookup_handle(hdev, handle);
25e89e99
AE		 2957 if (!conn)
2958 continue;
2959
2960 conn->sent -= block_count;
2961
2962 switch (conn->type) {
2963 case ACL_LINK:
bd1eb66b 2964 case AMP_LINK:
25e89e99
AE		 2965 hdev->block_cnt += block_count;
2966 if (hdev->block_cnt > hdev->num_blocks)
2967 hdev->block_cnt = hdev->num_blocks;
2968 break;
2969
2970 default:
2971 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2972 break;
2973 }
2974 }
2975
2976 queue_work(hdev->workqueue, &hdev->tx_work);
2977}
2978
6039aa73 2979static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
04837f64 2980{
a9de9248 2981 struct hci_ev_mode_change *ev = (void *) skb->data;
04837f64
MH		 2982 struct hci_conn *conn;
2983
9f1db00c 2984 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
04837f64
MH		 2985
2986 hci_dev_lock(hdev);
2987
2988 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
a9de9248
MH		 2989 if (conn) {
2990 conn->mode = ev->mode;
a9de9248 2991
8fc9ced3
GP		 2992 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2993 &conn->flags)) {
a9de9248 2994 if (conn->mode == HCI_CM_ACTIVE)
58a681ef 2995 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2996 else
58a681ef 2997 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
a9de9248 2998 }
e73439d8 2999
51a8efd7 3000 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
e73439d8 3001 hci_sco_setup(conn, ev->status);
04837f64
MH		 3002 }
3003
3004 hci_dev_unlock(hdev);
3005}
3006
6039aa73 3007static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3008{
052b30b0
MH		 3009 struct hci_ev_pin_code_req *ev = (void *) skb->data;
3010 struct hci_conn *conn;
3011
a9de9248 3012 BT_DBG("%s", hdev->name);
052b30b0
MH		 3013
3014 hci_dev_lock(hdev);
3015
3016 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
b6f98044
WR		 3017 if (!conn)
3018 goto unlock;
3019
3020 if (conn->state == BT_CONNECTED) {
052b30b0
MH		 3021 hci_conn_hold(conn);
3022 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
76a68ba0 3023 hci_conn_drop(conn);
052b30b0
MH		 3024 }
3025
a8b2d5c2 3026 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
03b555e1 3027 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
807deac2 3028 sizeof(ev->bdaddr), &ev->bdaddr);
a8b2d5c2 3029 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
a770bb5a
WR		 3030 u8 secure;
3031
3032 if (conn->pending_sec_level == BT_SECURITY_HIGH)
3033 secure = 1;
3034 else
3035 secure = 0;
3036
744cf19e 3037 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
a770bb5a 3038 }
980e1a53 3039
b6f98044 3040unlock:
052b30b0 3041 hci_dev_unlock(hdev);
a9de9248
MH		 3042}
3043
6039aa73 3044static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3045{
55ed8ca1
JH		 3046 struct hci_ev_link_key_req *ev = (void *) skb->data;
3047 struct hci_cp_link_key_reply cp;
3048 struct hci_conn *conn;
3049 struct link_key *key;
3050
a9de9248 3051 BT_DBG("%s", hdev->name);
55ed8ca1 3052
034cbea0 3053 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
55ed8ca1
JH		 3054 return;
3055
3056 hci_dev_lock(hdev);
3057
3058 key = hci_find_link_key(hdev, &ev->bdaddr);
3059 if (!key) {
6ed93dc6
AE		 3060 BT_DBG("%s link key not found for %pMR", hdev->name,
3061 &ev->bdaddr);
55ed8ca1
JH		 3062 goto not_found;
3063 }
3064
6ed93dc6
AE		 3065 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
3066 &ev->bdaddr);
55ed8ca1 3067
a8b2d5c2 3068 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
807deac2 3069 key->type == HCI_LK_DEBUG_COMBINATION) {
55ed8ca1
JH		 3070 BT_DBG("%s ignoring debug key", hdev->name);
3071 goto not_found;
3072 }
3073
3074 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
60b83f57 3075 if (conn) {
66138ce8
MH		 3076 if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
3077 key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
807deac2 3078 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
60b83f57
WR		 3079 BT_DBG("%s ignoring unauthenticated key", hdev->name);
3080 goto not_found;
3081 }
55ed8ca1 3082
60b83f57 3083 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
f3fb0b58
JH		 3084 (conn->pending_sec_level == BT_SECURITY_HIGH ||
3085 conn->pending_sec_level == BT_SECURITY_FIPS)) {
8fc9ced3
GP		 3086 BT_DBG("%s ignoring key unauthenticated for high security",
3087 hdev->name);
60b83f57
WR		 3088 goto not_found;
3089 }
3090
3091 conn->key_type = key->type;
3092 conn->pin_length = key->pin_len;
55ed8ca1
JH		 3093 }
3094
3095 bacpy(&cp.bdaddr, &ev->bdaddr);
9b3b4460 3096 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 3097
3098 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
3099
3100 hci_dev_unlock(hdev);
3101
3102 return;
3103
3104not_found:
3105 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
3106 hci_dev_unlock(hdev);
a9de9248
MH		 3107}
3108
6039aa73 3109static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
a9de9248 3110{
052b30b0
MH		 3111 struct hci_ev_link_key_notify *ev = (void *) skb->data;
3112 struct hci_conn *conn;
55ed8ca1 3113 u8 pin_len = 0;
052b30b0 3114
a9de9248 3115 BT_DBG("%s", hdev->name);
052b30b0
MH		 3116
3117 hci_dev_lock(hdev);
3118
3119 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3120 if (conn) {
3121 hci_conn_hold(conn);
3122 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
980e1a53 3123 pin_len = conn->pin_length;
13d39315
WR		 3124
3125 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
3126 conn->key_type = ev->key_type;
3127
76a68ba0 3128 hci_conn_drop(conn);
052b30b0
MH		 3129 }
3130
034cbea0 3131 if (test_bit(HCI_MGMT, &hdev->dev_flags))
d25e28ab 3132 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
807deac2 3133 ev->key_type, pin_len);
55ed8ca1 3134
052b30b0 3135 hci_dev_unlock(hdev);
a9de9248
MH		 3136}
3137
6039aa73 3138static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 3139{
a9de9248 3140 struct hci_ev_clock_offset *ev = (void *) skb->data;
04837f64 3141 struct hci_conn *conn;
1da177e4 3142
9f1db00c 3143 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1da177e4
LT		 3144
3145 hci_dev_lock(hdev);
3146
04837f64 3147 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1da177e4
LT		 3148 if (conn && !ev->status) {
3149 struct inquiry_entry *ie;
3150
cc11b9c1
AE		 3151 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3152 if (ie) {
1da177e4
LT		 3153 ie->data.clock_offset = ev->clock_offset;
3154 ie->timestamp = jiffies;
3155 }
3156 }
3157
3158 hci_dev_unlock(hdev);
3159}
3160
6039aa73 3161static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
a8746417
MH		 3162{
3163 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3164 struct hci_conn *conn;
3165
9f1db00c 3166 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
a8746417
MH		 3167
3168 hci_dev_lock(hdev);
3169
3170 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3171 if (conn && !ev->status)
3172 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3173
3174 hci_dev_unlock(hdev);
3175}
3176
6039aa73 3177static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
85a1e930 3178{
a9de9248 3179 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
85a1e930
MH		 3180 struct inquiry_entry *ie;
3181
3182 BT_DBG("%s", hdev->name);
3183
3184 hci_dev_lock(hdev);
3185
cc11b9c1
AE		 3186 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3187 if (ie) {
85a1e930
MH		 3188 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3189 ie->timestamp = jiffies;
3190 }
3191
3192 hci_dev_unlock(hdev);
3193}
3194
6039aa73
GP		 3195static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3196 struct sk_buff *skb)
a9de9248
MH		 3197{
3198 struct inquiry_data data;
3199 int num_rsp = *((__u8 *) skb->data);
388fc8fa 3200 bool name_known, ssp;
a9de9248
MH		 3201
3202 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3203
3204 if (!num_rsp)
3205 return;
3206
1519cc17
AG		 3207 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3208 return;
3209
a9de9248
MH		 3210 hci_dev_lock(hdev);
3211
3212 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
138d22ef
SJ		 3213 struct inquiry_info_with_rssi_and_pscan_mode *info;
3214 info = (void *) (skb->data + 1);
a9de9248 3215
e17acd40 3216 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 3217 bacpy(&data.bdaddr, &info->bdaddr);
3218 data.pscan_rep_mode = info->pscan_rep_mode;
3219 data.pscan_period_mode = info->pscan_period_mode;
3220 data.pscan_mode = info->pscan_mode;
3221 memcpy(data.dev_class, info->dev_class, 3);
3222 data.clock_offset = info->clock_offset;
3223 data.rssi = info->rssi;
41a96212 3224 data.ssp_mode = 0x00;
3175405b
JH		 3225
3226 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 3227 false, &ssp);
48264f06 3228 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3229 info->dev_class, info->rssi,
5d2e9fad 3230 !name_known, ssp, NULL, 0, NULL, 0);
a9de9248
MH		 3231 }
3232 } else {
3233 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3234
e17acd40 3235 for (; num_rsp; num_rsp--, info++) {
a9de9248
MH		 3236 bacpy(&data.bdaddr, &info->bdaddr);
3237 data.pscan_rep_mode = info->pscan_rep_mode;
3238 data.pscan_period_mode = info->pscan_period_mode;
3239 data.pscan_mode = 0x00;
3240 memcpy(data.dev_class, info->dev_class, 3);
3241 data.clock_offset = info->clock_offset;
3242 data.rssi = info->rssi;
41a96212 3243 data.ssp_mode = 0x00;
3175405b 3244 name_known = hci_inquiry_cache_update(hdev, &data,
04124681 3245 false, &ssp);
48264f06 3246 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3247 info->dev_class, info->rssi,
5d2e9fad 3248 !name_known, ssp, NULL, 0, NULL, 0);
a9de9248
MH		 3249 }
3250 }
3251
3252 hci_dev_unlock(hdev);
3253}
3254
6039aa73
GP		 3255static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3256 struct sk_buff *skb)
a9de9248 3257{
41a96212
MH		 3258 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3259 struct hci_conn *conn;
3260
a9de9248 3261 BT_DBG("%s", hdev->name);
41a96212 3262
41a96212
MH		 3263 hci_dev_lock(hdev);
3264
3265 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
ccd556fe
JH		 3266 if (!conn)
3267 goto unlock;
41a96212 3268
cad718ed
JH		 3269 if (ev->page < HCI_MAX_PAGES)
3270 memcpy(conn->features[ev->page], ev->features, 8);
3271
ccd556fe
JH		 3272 if (!ev->status && ev->page == 0x01) {
3273 struct inquiry_entry *ie;
41a96212 3274
cc11b9c1
AE		 3275 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3276 if (ie)
02b7cc62 3277 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
769be974 3278
bbb0eada 3279 if (ev->features[0] & LMP_HOST_SSP) {
58a681ef 3280 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
bbb0eada
JK		 3281 } else {
3282 /* It is mandatory by the Bluetooth specification that
3283 * Extended Inquiry Results are only used when Secure
3284 * Simple Pairing is enabled, but some devices violate
3285 * this.
3286 *
3287 * To make these devices work, the internal SSP
3288 * enabled flag needs to be cleared if the remote host
3289 * features do not indicate SSP support */
3290 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3291 }
eb9a8f3f
MH		 3292
3293 if (ev->features[0] & LMP_HOST_SC)
3294 set_bit(HCI_CONN_SC_ENABLED, &conn->flags);
ccd556fe
JH		 3295 }
3296
3297 if (conn->state != BT_CONFIG)
3298 goto unlock;
3299
671267bf 3300 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
127178d2
JH		 3301 struct hci_cp_remote_name_req cp;
3302 memset(&cp, 0, sizeof(cp));
3303 bacpy(&cp.bdaddr, &conn->dst);
3304 cp.pscan_rep_mode = 0x02;
3305 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
b644ba33
JH		 3306 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3307 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681
GP		 3308 conn->dst_type, 0, NULL, 0,
3309 conn->dev_class);
392599b9 3310
127178d2 3311 if (!hci_outgoing_auth_needed(hdev, conn)) {
ccd556fe
JH		 3312 conn->state = BT_CONNECTED;
3313 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 3314 hci_conn_drop(conn);
41a96212
MH		 3315 }
3316
ccd556fe 3317unlock:
41a96212 3318 hci_dev_unlock(hdev);
a9de9248
MH		 3319}
3320
6039aa73
GP		 3321static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3322 struct sk_buff *skb)
a9de9248 3323{
b6a0dc82
MH		 3324 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3325 struct hci_conn *conn;
3326
9f1db00c 3327 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
b6a0dc82
MH		 3328
3329 hci_dev_lock(hdev);
3330
3331 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
9dc0a3af
MH		 3332 if (!conn) {
3333 if (ev->link_type == ESCO_LINK)
3334 goto unlock;
3335
3336 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3337 if (!conn)
3338 goto unlock;
3339
3340 conn->type = SCO_LINK;
3341 }
b6a0dc82 3342
732547f9
MH		 3343 switch (ev->status) {
3344 case 0x00:
b6a0dc82
MH		 3345 conn->handle = __le16_to_cpu(ev->handle);
3346 conn->state = BT_CONNECTED;
7d0db0a3
MH		 3347
3348 hci_conn_add_sysfs(conn);
732547f9
MH		 3349 break;
3350
1a4c958c 3351 case 0x0d: /* Connection Rejected due to Limited Resources */
705e5711 3352 case 0x11: /* Unsupported Feature or Parameter Value */
732547f9 3353 case 0x1c: /* SCO interval rejected */
1038a00b 3354 case 0x1a: /* Unsupported Remote Feature */
732547f9 3355 case 0x1f: /* Unspecified error */
27539bc4 3356 case 0x20: /* Unsupported LMP Parameter value */
2dea632f 3357 if (conn->out) {
732547f9
MH		 3358 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3359 (hdev->esco_type & EDR_ESCO_MASK);
2dea632f
FD		 3360 if (hci_setup_sync(conn, conn->link->handle))
3361 goto unlock;
732547f9
MH		 3362 }
3363 /* fall through */
3364
3365 default:
b6a0dc82 3366 conn->state = BT_CLOSED;
732547f9
MH		 3367 break;
3368 }
b6a0dc82
MH		 3369
3370 hci_proto_connect_cfm(conn, ev->status);
3371 if (ev->status)
3372 hci_conn_del(conn);
3373
3374unlock:
3375 hci_dev_unlock(hdev);
a9de9248
MH		 3376}
3377
efdcf8e3
MH		 3378static inline size_t eir_get_length(u8 *eir, size_t eir_len)
3379{
3380 size_t parsed = 0;
3381
3382 while (parsed < eir_len) {
3383 u8 field_len = eir[0];
3384
3385 if (field_len == 0)
3386 return parsed;
3387
3388 parsed += field_len + 1;
3389 eir += field_len + 1;
3390 }
3391
3392 return eir_len;
3393}
3394
6039aa73
GP		 3395static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3396 struct sk_buff *skb)
1da177e4 3397{
a9de9248
MH		 3398 struct inquiry_data data;
3399 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3400 int num_rsp = *((__u8 *) skb->data);
9d939d94 3401 size_t eir_len;
1da177e4 3402
a9de9248 3403 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1da177e4 3404
a9de9248
MH		 3405 if (!num_rsp)
3406 return;
1da177e4 3407
1519cc17
AG		 3408 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3409 return;
3410
a9de9248
MH		 3411 hci_dev_lock(hdev);
3412
e17acd40 3413 for (; num_rsp; num_rsp--, info++) {
388fc8fa 3414 bool name_known, ssp;
561aafbc 3415
a9de9248 3416 bacpy(&data.bdaddr, &info->bdaddr);
138d22ef
SJ		 3417 data.pscan_rep_mode = info->pscan_rep_mode;
3418 data.pscan_period_mode = info->pscan_period_mode;
3419 data.pscan_mode = 0x00;
a9de9248 3420 memcpy(data.dev_class, info->dev_class, 3);
138d22ef
SJ		 3421 data.clock_offset = info->clock_offset;
3422 data.rssi = info->rssi;
41a96212 3423 data.ssp_mode = 0x01;
561aafbc 3424
a8b2d5c2 3425 if (test_bit(HCI_MGMT, &hdev->dev_flags))
4ddb1930 3426 name_known = eir_has_data_type(info->data,
04124681
GP		 3427 sizeof(info->data),
3428 EIR_NAME_COMPLETE);
561aafbc
JH		 3429 else
3430 name_known = true;
3431
388fc8fa 3432 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
04124681 3433 &ssp);
9d939d94 3434 eir_len = eir_get_length(info->data, sizeof(info->data));
48264f06 3435 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
04124681 3436 info->dev_class, info->rssi, !name_known,
5d2e9fad 3437 ssp, info->data, eir_len, NULL, 0);
a9de9248
MH		 3438 }
3439
3440 hci_dev_unlock(hdev);
3441}
1da177e4 3442
1c2e0041
JH		 3443static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3444 struct sk_buff *skb)
3445{
3446 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3447 struct hci_conn *conn;
3448
9f1db00c 3449 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
1c2e0041
JH		 3450 __le16_to_cpu(ev->handle));
3451
3452 hci_dev_lock(hdev);
3453
3454 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3455 if (!conn)
3456 goto unlock;
3457
9eb1fbfa
JH		 3458 /* For BR/EDR the necessary steps are taken through the
3459 * auth_complete event.
3460 */
3461 if (conn->type != LE_LINK)
3462 goto unlock;
3463
1c2e0041
JH		 3464 if (!ev->status)
3465 conn->sec_level = conn->pending_sec_level;
3466
3467 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3468
3469 if (ev->status && conn->state == BT_CONNECTED) {
bed71748 3470 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
76a68ba0 3471 hci_conn_drop(conn);
1c2e0041
JH		 3472 goto unlock;
3473 }
3474
3475 if (conn->state == BT_CONFIG) {
3476 if (!ev->status)
3477 conn->state = BT_CONNECTED;
3478
3479 hci_proto_connect_cfm(conn, ev->status);
76a68ba0 3480 hci_conn_drop(conn);
1c2e0041
JH		 3481 } else {
3482 hci_auth_cfm(conn, ev->status);
3483
3484 hci_conn_hold(conn);
3485 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 3486 hci_conn_drop(conn);
1c2e0041
JH		 3487 }
3488
3489unlock:
3490 hci_dev_unlock(hdev);
3491}
3492
6039aa73 3493static u8 hci_get_auth_req(struct hci_conn *conn)
17fa4b9d 3494{
17fa4b9d 3495 /* If remote requests no-bonding follow that lead */
acabae96
MA		 3496 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3497 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
58797bf7 3498 return conn->remote_auth | (conn->auth_type & 0x01);
17fa4b9d 3499
b7f94c88
MA		 3500 /* If both remote and local have enough IO capabilities, require
3501 * MITM protection
3502 */
3503 if (conn->remote_cap != HCI_IO_NO_INPUT_OUTPUT &&
3504 conn->io_capability != HCI_IO_NO_INPUT_OUTPUT)
3505 return conn->remote_auth | 0x01;
3506
7e74170a
TM		 3507 /* No MITM protection possible so ignore remote requirement */
3508 return (conn->remote_auth & ~0x01) | (conn->auth_type & 0x01);
17fa4b9d
JH		 3509}
3510
6039aa73 3511static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
0493684e
MH		 3512{
3513 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3514 struct hci_conn *conn;
3515
3516 BT_DBG("%s", hdev->name);
3517
3518 hci_dev_lock(hdev);
3519
3520 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
03b555e1
JH		 3521 if (!conn)
3522 goto unlock;
3523
3524 hci_conn_hold(conn);
3525
a8b2d5c2 3526 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
03b555e1
JH		 3527 goto unlock;
3528
a8b2d5c2 3529 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
807deac2 3530 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
17fa4b9d
JH		 3531 struct hci_cp_io_capability_reply cp;
3532
3533 bacpy(&cp.bdaddr, &ev->bdaddr);
7a7f1e7c
HG		 3534 /* Change the IO capability from KeyboardDisplay
3535 * to DisplayYesNo as it is not supported by BT spec. */
3536 cp.capability = (conn->io_capability == 0x04) ?
a767631a 3537 HCI_IO_DISPLAY_YESNO : conn->io_capability;
b7f94c88
MA		 3538
3539 /* If we are initiators, there is no remote information yet */
3540 if (conn->remote_auth == 0xff) {
3541 cp.authentication = conn->auth_type;
6fd6b915 3542
b16c6604 3543 /* Request MITM protection if our IO caps allow it
4ad51a75
JH		 3544 * except for the no-bonding case.
3545 * conn->auth_type is not updated here since
3546 * that might cause the user confirmation to be
3547 * rejected in case the remote doesn't have the
3548 * IO capabilities for MITM.
b16c6604 3549 */
6fd6b915 3550 if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
b16c6604 3551 cp.authentication != HCI_AT_NO_BONDING)
6fd6b915 3552 cp.authentication |= 0x01;
b7f94c88
MA		 3553 } else {
3554 conn->auth_type = hci_get_auth_req(conn);
3555 cp.authentication = conn->auth_type;
3556 }
17fa4b9d 3557
8fc9ced3
GP		 3558 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3559 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
ce85ee13
SJ		 3560 cp.oob_data = 0x01;
3561 else
3562 cp.oob_data = 0x00;
3563
17fa4b9d 3564 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
807deac2 3565 sizeof(cp), &cp);
03b555e1
JH		 3566 } else {
3567 struct hci_cp_io_capability_neg_reply cp;
3568
3569 bacpy(&cp.bdaddr, &ev->bdaddr);
9f5a0d7b 3570 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
0493684e 3571
03b555e1 3572 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
807deac2 3573 sizeof(cp), &cp);
03b555e1
JH		 3574 }
3575
3576unlock:
3577 hci_dev_unlock(hdev);
3578}
3579
6039aa73 3580static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
03b555e1
JH		 3581{
3582 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3583 struct hci_conn *conn;
3584
3585 BT_DBG("%s", hdev->name);
3586
3587 hci_dev_lock(hdev);
3588
3589 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3590 if (!conn)
3591 goto unlock;
3592
03b555e1 3593 conn->remote_cap = ev->capability;
03b555e1 3594 conn->remote_auth = ev->authentication;
58a681ef
JH		 3595 if (ev->oob_data)
3596 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
03b555e1
JH		 3597
3598unlock:
0493684e
MH		 3599 hci_dev_unlock(hdev);
3600}
3601
6039aa73
GP		 3602static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3603 struct sk_buff *skb)
a5c29683
JH		 3604{
3605 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
55bc1a37 3606 int loc_mitm, rem_mitm, confirm_hint = 0;
7a828908 3607 struct hci_conn *conn;
a5c29683
JH		 3608
3609 BT_DBG("%s", hdev->name);
3610
3611 hci_dev_lock(hdev);
3612
a8b2d5c2 3613 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
7a828908 3614 goto unlock;
a5c29683 3615
7a828908
JH		 3616 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3617 if (!conn)
3618 goto unlock;
3619
3620 loc_mitm = (conn->auth_type & 0x01);
3621 rem_mitm = (conn->remote_auth & 0x01);
3622
3623 /* If we require MITM but the remote device can't provide that
6fd6b915
MA		 3624 * (it has NoInputNoOutput) then reject the confirmation request
3625 */
3626 if (loc_mitm && conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
7a828908
JH		 3627 BT_DBG("Rejecting request: remote device can't provide MITM");
3628 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
807deac2 3629 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3630 goto unlock;
3631 }
3632
3633 /* If no side requires MITM protection; auto-accept */
a767631a
MA		 3634 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3635 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
55bc1a37
JH		 3636
3637 /* If we're not the initiators request authorization to
3638 * proceed from user space (mgmt_user_confirm with
ba15a58b
JH		 3639 * confirm_hint set to 1). The exception is if neither
3640 * side had MITM in which case we do auto-accept.
3641 */
3642 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
3643 (loc_mitm || rem_mitm)) {
55bc1a37
JH		 3644 BT_DBG("Confirming auto-accept as acceptor");
3645 confirm_hint = 1;
3646 goto confirm;
3647 }
3648
9f61656a 3649 BT_DBG("Auto-accept of user confirmation with %ums delay",
807deac2 3650 hdev->auto_accept_delay);
9f61656a
JH		 3651
3652 if (hdev->auto_accept_delay > 0) {
3653 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
7bc18d9d
JH		 3654 queue_delayed_work(conn->hdev->workqueue,
3655 &conn->auto_accept_work, delay);
9f61656a
JH		 3656 goto unlock;
3657 }
3658
7a828908 3659 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
807deac2 3660 sizeof(ev->bdaddr), &ev->bdaddr);
7a828908
JH		 3661 goto unlock;
3662 }
3663
55bc1a37 3664confirm:
39adbffe
JH		 3665 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0,
3666 le32_to_cpu(ev->passkey), confirm_hint);
7a828908
JH		 3667
3668unlock:
a5c29683
JH		 3669 hci_dev_unlock(hdev);
3670}
3671
6039aa73
GP		 3672static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3673 struct sk_buff *skb)
1143d458
BG		 3674{
3675 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3676
3677 BT_DBG("%s", hdev->name);
3678
a8b2d5c2 3679 if (test_bit(HCI_MGMT, &hdev->dev_flags))
272d90df 3680 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
1143d458
BG		 3681}
3682
92a25256
JH		 3683static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3684 struct sk_buff *skb)
3685{
3686 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3687 struct hci_conn *conn;
3688
3689 BT_DBG("%s", hdev->name);
3690
3691 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3692 if (!conn)
3693 return;
3694
3695 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3696 conn->passkey_entered = 0;
3697
3698 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3699 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3700 conn->dst_type, conn->passkey_notify,
3701 conn->passkey_entered);
3702}
3703
3704static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3705{
3706 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3707 struct hci_conn *conn;
3708
3709 BT_DBG("%s", hdev->name);
3710
3711 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3712 if (!conn)
3713 return;
3714
3715 switch (ev->type) {
3716 case HCI_KEYPRESS_STARTED:
3717 conn->passkey_entered = 0;
3718 return;
3719
3720 case HCI_KEYPRESS_ENTERED:
3721 conn->passkey_entered++;
3722 break;
3723
3724 case HCI_KEYPRESS_ERASED:
3725 conn->passkey_entered--;
3726 break;
3727
3728 case HCI_KEYPRESS_CLEARED:
3729 conn->passkey_entered = 0;
3730 break;
3731
3732 case HCI_KEYPRESS_COMPLETED:
3733 return;
3734 }
3735
3736 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3737 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3738 conn->dst_type, conn->passkey_notify,
3739 conn->passkey_entered);
3740}
3741
6039aa73
GP		 3742static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3743 struct sk_buff *skb)
0493684e
MH		 3744{
3745 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3746 struct hci_conn *conn;
3747
3748 BT_DBG("%s", hdev->name);
3749
3750 hci_dev_lock(hdev);
3751
3752 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2a611692
JH		 3753 if (!conn)
3754 goto unlock;
3755
3756 /* To avoid duplicate auth_failed events to user space we check
3757 * the HCI_CONN_AUTH_PEND flag which will be set if we
3758 * initiated the authentication. A traditional auth_complete
3759 * event gets always produced as initiator and is also mapped to
3760 * the mgmt_auth_failed event */
fa1bd918 3761 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
bab73cb6 3762 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
04124681 3763 ev->status);
0493684e 3764
76a68ba0 3765 hci_conn_drop(conn);
2a611692
JH		 3766
3767unlock:
0493684e
MH		 3768 hci_dev_unlock(hdev);
3769}
3770
6039aa73
GP		 3771static void hci_remote_host_features_evt(struct hci_dev *hdev,
3772 struct sk_buff *skb)
41a96212
MH		 3773{
3774 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3775 struct inquiry_entry *ie;
cad718ed 3776 struct hci_conn *conn;
41a96212
MH		 3777
3778 BT_DBG("%s", hdev->name);
3779
3780 hci_dev_lock(hdev);
3781
cad718ed
JH		 3782 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3783 if (conn)
3784 memcpy(conn->features[1], ev->features, 8);
3785
cc11b9c1
AE		 3786 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3787 if (ie)
02b7cc62 3788 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
41a96212
MH		 3789
3790 hci_dev_unlock(hdev);
3791}
3792
6039aa73
GP		 3793static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3794 struct sk_buff *skb)
2763eda6
SJ		 3795{
3796 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3797 struct oob_data *data;
3798
3799 BT_DBG("%s", hdev->name);
3800
3801 hci_dev_lock(hdev);
3802
a8b2d5c2 3803 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
e1ba1f15
SJ		 3804 goto unlock;
3805
2763eda6
SJ		 3806 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3807 if (data) {
519ca9d0
MH		 3808 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
3809 struct hci_cp_remote_oob_ext_data_reply cp;
2763eda6 3810
519ca9d0
MH		 3811 bacpy(&cp.bdaddr, &ev->bdaddr);
3812 memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
3813 memcpy(cp.randomizer192, data->randomizer192,
3814 sizeof(cp.randomizer192));
3815 memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
3816 memcpy(cp.randomizer256, data->randomizer256,
3817 sizeof(cp.randomizer256));
3818
3819 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
3820 sizeof(cp), &cp);
3821 } else {
3822 struct hci_cp_remote_oob_data_reply cp;
2763eda6 3823
519ca9d0
MH		 3824 bacpy(&cp.bdaddr, &ev->bdaddr);
3825 memcpy(cp.hash, data->hash192, sizeof(cp.hash));
3826 memcpy(cp.randomizer, data->randomizer192,
3827 sizeof(cp.randomizer));
3828
3829 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
3830 sizeof(cp), &cp);
3831 }
2763eda6
SJ		 3832 } else {
3833 struct hci_cp_remote_oob_data_neg_reply cp;
3834
3835 bacpy(&cp.bdaddr, &ev->bdaddr);
519ca9d0
MH		 3836 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY,
3837 sizeof(cp), &cp);
2763eda6
SJ		 3838 }
3839
e1ba1f15 3840unlock:
2763eda6
SJ		 3841 hci_dev_unlock(hdev);
3842}
3843
d5e91192
AE		 3844static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3845 struct sk_buff *skb)
3846{
3847 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3848 struct hci_conn *hcon, *bredr_hcon;
3849
3850 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3851 ev->status);
3852
3853 hci_dev_lock(hdev);
3854
3855 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3856 if (!hcon) {
3857 hci_dev_unlock(hdev);
3858 return;
3859 }
3860
3861 if (ev->status) {
3862 hci_conn_del(hcon);
3863 hci_dev_unlock(hdev);
3864 return;
3865 }
3866
3867 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3868
3869 hcon->state = BT_CONNECTED;
3870 bacpy(&hcon->dst, &bredr_hcon->dst);
3871
3872 hci_conn_hold(hcon);
3873 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
76a68ba0 3874 hci_conn_drop(hcon);
d5e91192 3875
d5e91192
AE		 3876 hci_conn_add_sysfs(hcon);
3877
cf70ff22 3878 amp_physical_cfm(bredr_hcon, hcon);
d5e91192 3879
cf70ff22 3880 hci_dev_unlock(hdev);
d5e91192
AE		 3881}
3882
27695fb4
AE		 3883static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3884{
3885 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3886 struct hci_conn *hcon;
3887 struct hci_chan *hchan;
3888 struct amp_mgr *mgr;
3889
3890 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3891 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3892 ev->status);
3893
3894 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3895 if (!hcon)
3896 return;
3897
3898 /* Create AMP hchan */
3899 hchan = hci_chan_create(hcon);
3900 if (!hchan)
3901 return;
3902
3903 hchan->handle = le16_to_cpu(ev->handle);
3904
3905 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3906
3907 mgr = hcon->amp_mgr;
3908 if (mgr && mgr->bredr_chan) {
3909 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3910
3911 l2cap_chan_lock(bredr_chan);
3912
3913 bredr_chan->conn->mtu = hdev->block_mtu;
3914 l2cap_logical_cfm(bredr_chan, hchan, 0);
3915 hci_conn_hold(hcon);
3916
3917 l2cap_chan_unlock(bredr_chan);
3918 }
3919}
3920
606e2a10
AE		 3921static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3922 struct sk_buff *skb)
3923{
3924 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3925 struct hci_chan *hchan;
3926
3927 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3928 le16_to_cpu(ev->handle), ev->status);
3929
3930 if (ev->status)
3931 return;
3932
3933 hci_dev_lock(hdev);
3934
3935 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3936 if (!hchan)
3937 goto unlock;
3938
3939 amp_destroy_logical_link(hchan, ev->reason);
3940
3941unlock:
3942 hci_dev_unlock(hdev);
3943}
3944
9eef6b3a
AE		 3945static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3946 struct sk_buff *skb)
3947{
3948 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3949 struct hci_conn *hcon;
3950
3951 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3952
3953 if (ev->status)
3954 return;
3955
3956 hci_dev_lock(hdev);
3957
3958 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3959 if (hcon) {
3960 hcon->state = BT_CLOSED;
3961 hci_conn_del(hcon);
3962 }
3963
3964 hci_dev_unlock(hdev);
3965}
3966
6039aa73 3967static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 3968{
3969 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3970 struct hci_conn *conn;
68d6f6de 3971 struct smp_irk *irk;
fcd89c09 3972
9f1db00c 3973 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
fcd89c09
VT		 3974
3975 hci_dev_lock(hdev);
3976
b47a09b3 3977 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
b62f328b
VT		 3978 if (!conn) {
3979 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3980 if (!conn) {
3981 BT_ERR("No memory for new connection");
230fd16a 3982 goto unlock;
b62f328b 3983 }
29b7988a
AG		 3984
3985 conn->dst_type = ev->bdaddr_type;
b9b343d2
AG		 3986
3987 if (ev->role == LE_CONN_ROLE_MASTER) {
3988 conn->out = true;
3989 conn->link_mode |= HCI_LM_MASTER;
3990 }
cb1d68f7
JH		 3991
3992 /* If we didn't have a hci_conn object previously
3993 * but we're in master role this must be something
3994 * initiated using a white list. Since white list based
3995 * connections are not "first class citizens" we don't
3996 * have full tracking of them. Therefore, we go ahead
3997 * with a "best effort" approach of determining the
3998 * initiator address based on the HCI_PRIVACY flag.
3999 */
4000 if (conn->out) {
4001 conn->resp_addr_type = ev->bdaddr_type;
4002 bacpy(&conn->resp_addr, &ev->bdaddr);
4003 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
4004 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
4005 bacpy(&conn->init_addr, &hdev->rpa);
4006 } else {
4007 hci_copy_identity_address(hdev,
4008 &conn->init_addr,
4009 &conn->init_addr_type);
4010 }
cb1d68f7 4011 }
9489eca4
JH		 4012 } else {
4013 cancel_delayed_work(&conn->le_conn_timeout);
b62f328b 4014 }
fcd89c09 4015
80c24ab8
JH		 4016 if (!conn->out) {
4017 /* Set the responder (our side) address type based on
4018 * the advertising address type.
4019 */
4020 conn->resp_addr_type = hdev->adv_addr_type;
4021 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM)
4022 bacpy(&conn->resp_addr, &hdev->random_addr);
4023 else
4024 bacpy(&conn->resp_addr, &hdev->bdaddr);
4025
4026 conn->init_addr_type = ev->bdaddr_type;
4027 bacpy(&conn->init_addr, &ev->bdaddr);
4028 }
7be2edbb 4029
edb4b466
MH		 4030 /* Lookup the identity address from the stored connection
4031 * address and address type.
4032 *
4033 * When establishing connections to an identity address, the
4034 * connection procedure will store the resolvable random
4035 * address first. Now if it can be converted back into the
4036 * identity address, start using the identity address from
4037 * now on.
4038 */
4039 irk = hci_get_irk(hdev, &conn->dst, conn->dst_type);
68d6f6de
JH		 4040 if (irk) {
4041 bacpy(&conn->dst, &irk->bdaddr);
4042 conn->dst_type = irk->addr_type;
4043 }
4044
cd17decb 4045 if (ev->status) {
06c053fb 4046 hci_le_conn_failed(conn, ev->status);
cd17decb
AG		 4047 goto unlock;
4048 }
4049
b644ba33 4050 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
01fdb0fc 4051 mgmt_device_connected(hdev, &conn->dst, conn->type,
04124681 4052 conn->dst_type, 0, NULL, 0, NULL);
83bc71b4 4053
7b5c0d52 4054 conn->sec_level = BT_SECURITY_LOW;
fcd89c09
VT		 4055 conn->handle = __le16_to_cpu(ev->handle);
4056 conn->state = BT_CONNECTED;
4057
18722c24
JR		 4058 if (test_bit(HCI_6LOWPAN_ENABLED, &hdev->dev_flags))
4059 set_bit(HCI_CONN_6LOWPAN, &conn->flags);
4060
fcd89c09
VT		 4061 hci_conn_add_sysfs(conn);
4062
4063 hci_proto_connect_cfm(conn, ev->status);
4064
a4790dbd
AG		 4065 hci_pend_le_conn_del(hdev, &conn->dst, conn->dst_type);
4066
fcd89c09
VT		 4067unlock:
4068 hci_dev_unlock(hdev);
4069}
4070
a4790dbd
AG		 4071/* This function requires the caller holds hdev->lock */
4072static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
4073 u8 addr_type)
4074{
4075 struct hci_conn *conn;
5b906a84
AG		 4076 struct smp_irk *irk;
4077
4078 /* If this is a resolvable address, we should resolve it and then
4079 * update address and address type variables.
4080 */
4081 irk = hci_get_irk(hdev, addr, addr_type);
4082 if (irk) {
4083 addr = &irk->bdaddr;
4084 addr_type = irk->addr_type;
4085 }
a4790dbd
AG		 4086
4087 if (!hci_pend_le_conn_lookup(hdev, addr, addr_type))
4088 return;
4089
4090 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
4091 HCI_AT_NO_BONDING);
4092 if (!IS_ERR(conn))
4093 return;
4094
4095 switch (PTR_ERR(conn)) {
4096 case -EBUSY:
4097 /* If hci_connect() returns -EBUSY it means there is already
4098 * an LE connection attempt going on. Since controllers don't
4099 * support more than one connection attempt at the time, we
4100 * don't consider this an error case.
4101 */
4102 break;
4103 default:
4104 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
4105 }
4106}
4107
4af605d8
JH		 4108static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
4109 u8 bdaddr_type, s8 rssi, u8 *data, u8 len)
4110{
b9a6328f 4111 struct discovery_state *d = &hdev->discovery;
474ee066 4112 bool match;
b9a6328f 4113
ca5c4be7
JH		 4114 /* Passive scanning shouldn't trigger any device found events */
4115 if (hdev->le_scan_type == LE_SCAN_PASSIVE) {
4116 if (type == LE_ADV_IND || type == LE_ADV_DIRECT_IND)
4117 check_pending_le_conn(hdev, bdaddr, bdaddr_type);
4118 return;
4119 }
4af605d8 4120
b9a6328f
JH		 4121 /* If there's nothing pending either store the data from this
4122 * event or send an immediate device found event if the data
4123 * should not be stored for later.
4124 */
4125 if (!has_pending_adv_report(hdev)) {
4126 /* If the report will trigger a SCAN_REQ store it for
4127 * later merging.
4128 */
4129 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4130 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
ff5cd29f 4131 rssi, data, len);
b9a6328f
JH		 4132 return;
4133 }
4134
4135 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4136 rssi, 0, 1, data, len, NULL, 0);
4137 return;
4138 }
4139
474ee066
JH		 4140 /* Check if the pending report is for the same device as the new one */
4141 match = (!bacmp(bdaddr, &d->last_adv_addr) &&
4142 bdaddr_type == d->last_adv_addr_type);
4143
b9a6328f
JH		 4144 /* If the pending data doesn't match this report or this isn't a
4145 * scan response (e.g. we got a duplicate ADV_IND) then force
4146 * sending of the pending data.
4147 */
474ee066
JH		 4148 if (type != LE_ADV_SCAN_RSP || !match) {
4149 /* Send out whatever is in the cache, but skip duplicates */
4150 if (!match)
4151 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
ff5cd29f
JH		 4152 d->last_adv_addr_type, NULL,
4153 d->last_adv_rssi, 0, 1,
4154 d->last_adv_data,
474ee066 4155 d->last_adv_data_len, NULL, 0);
b9a6328f
JH		 4156
4157 /* If the new report will trigger a SCAN_REQ store it for
4158 * later merging.
4159 */
4160 if (type == LE_ADV_IND || type == LE_ADV_SCAN_IND) {
4161 store_pending_adv_report(hdev, bdaddr, bdaddr_type,
ff5cd29f 4162 rssi, data, len);
b9a6328f
JH		 4163 return;
4164 }
4165
4166 /* The advertising reports cannot be merged, so clear
4167 * the pending report and send out a device found event.
4168 */
4169 clear_pending_adv_report(hdev);
5c5b93e4
JH		 4170 mgmt_device_found(hdev, bdaddr, LE_LINK, bdaddr_type, NULL,
4171 rssi, 0, 1, data, len, NULL, 0);
b9a6328f
JH		 4172 return;
4173 }
4174
4175 /* If we get here we've got a pending ADV_IND or ADV_SCAN_IND and
4176 * the new event is a SCAN_RSP. We can therefore proceed with
4177 * sending a merged device found event.
4178 */
4179 mgmt_device_found(hdev, &d->last_adv_addr, LE_LINK,
4180 d->last_adv_addr_type, NULL, rssi, 0, 1, data, len,
4181 d->last_adv_data, d->last_adv_data_len);
4182 clear_pending_adv_report(hdev);
4af605d8
JH		 4183}
4184
6039aa73 4185static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
9aa04c91 4186{
e95beb41
AG		 4187 u8 num_reports = skb->data[0];
4188 void *ptr = &skb->data[1];
9aa04c91 4189
a4790dbd
AG		 4190 hci_dev_lock(hdev);
4191
e95beb41
AG		 4192 while (num_reports--) {
4193 struct hci_ev_le_advertising_info *ev = ptr;
4af605d8 4194 s8 rssi;
a4790dbd 4195
3c9e9195 4196 rssi = ev->data[ev->length];
4af605d8
JH		 4197 process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
4198 ev->bdaddr_type, rssi, ev->data, ev->length);
3c9e9195 4199
e95beb41 4200 ptr += sizeof(*ev) + ev->length + 1;
9aa04c91 4201 }
a4790dbd
AG		 4202
4203 hci_dev_unlock(hdev);
9aa04c91
AG		 4204}
4205
6039aa73 4206static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
a7a595f6
VCG		 4207{
4208 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
4209 struct hci_cp_le_ltk_reply cp;
bea710fe 4210 struct hci_cp_le_ltk_neg_reply neg;
a7a595f6 4211 struct hci_conn *conn;
c9839a11 4212 struct smp_ltk *ltk;
a7a595f6 4213
9f1db00c 4214 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
a7a595f6
VCG		 4215
4216 hci_dev_lock(hdev);
4217
4218 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
bea710fe
VCG		 4219 if (conn == NULL)
4220 goto not_found;
a7a595f6 4221
fe39c7b2 4222 ltk = hci_find_ltk(hdev, ev->ediv, ev->rand, conn->out);
bea710fe
VCG		 4223 if (ltk == NULL)
4224 goto not_found;
4225
4226 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
a7a595f6 4227 cp.handle = cpu_to_le16(conn->handle);
c9839a11
VCG		 4228
4229 if (ltk->authenticated)
f8776218
AG		 4230 conn->pending_sec_level = BT_SECURITY_HIGH;
4231 else
4232 conn->pending_sec_level = BT_SECURITY_MEDIUM;
a7a595f6 4233
89cbb4da 4234 conn->enc_key_size = ltk->enc_size;
a7a595f6
VCG		 4235
4236 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
4237
5981a882
CT		 4238 /* Ref. Bluetooth Core SPEC pages 1975 and 2004. STK is a
4239 * temporary key used to encrypt a connection following
4240 * pairing. It is used during the Encrypted Session Setup to
4241 * distribute the keys. Later, security can be re-established
4242 * using a distributed LTK.
4243 */
4244 if (ltk->type == HCI_SMP_STK_SLAVE) {
c9839a11
VCG		 4245 list_del(&ltk->list);
4246 kfree(ltk);
4247 }
4248
a7a595f6 4249 hci_dev_unlock(hdev);
bea710fe
VCG		 4250
4251 return;
4252
4253not_found:
4254 neg.handle = ev->handle;
4255 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
4256 hci_dev_unlock(hdev);
a7a595f6
VCG		 4257}
4258
6039aa73 4259static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
fcd89c09
VT		 4260{
4261 struct hci_ev_le_meta *le_ev = (void *) skb->data;
4262
4263 skb_pull(skb, sizeof(*le_ev));
4264
4265 switch (le_ev->subevent) {
4266 case HCI_EV_LE_CONN_COMPLETE:
4267 hci_le_conn_complete_evt(hdev, skb);
4268 break;
4269
9aa04c91
AG		 4270 case HCI_EV_LE_ADVERTISING_REPORT:
4271 hci_le_adv_report_evt(hdev, skb);
4272 break;
4273
a7a595f6
VCG		 4274 case HCI_EV_LE_LTK_REQ:
4275 hci_le_ltk_request_evt(hdev, skb);
4276 break;
4277
fcd89c09
VT		 4278 default:
4279 break;
4280 }
4281}
4282
9495b2ee
AE		 4283static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4284{
4285 struct hci_ev_channel_selected *ev = (void *) skb->data;
4286 struct hci_conn *hcon;
4287
4288 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4289
4290 skb_pull(skb, sizeof(*ev));
4291
4292 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4293 if (!hcon)
4294 return;
4295
4296 amp_read_loc_assoc_final_data(hdev, hcon);
4297}
4298
a9de9248
MH		 4299void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
4300{
4301 struct hci_event_hdr *hdr = (void *) skb->data;
4302 __u8 event = hdr->evt;
4303
b6ddb638
JH		 4304 hci_dev_lock(hdev);
4305
4306 /* Received events are (currently) only needed when a request is
4307 * ongoing so avoid unnecessary memory allocation.
4308 */
4309 if (hdev->req_status == HCI_REQ_PEND) {
4310 kfree_skb(hdev->recv_evt);
4311 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
4312 }
4313
4314 hci_dev_unlock(hdev);
4315
a9de9248
MH		 4316 skb_pull(skb, HCI_EVENT_HDR_SIZE);
4317
02350a72 4318 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
c1f23a2b
JB		 4319 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
4320 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
02350a72
JH		 4321
4322 hci_req_cmd_complete(hdev, opcode, 0);
4323 }
4324
a9de9248 4325 switch (event) {
1da177e4
LT		 4326 case HCI_EV_INQUIRY_COMPLETE:
4327 hci_inquiry_complete_evt(hdev, skb);
4328 break;
4329
4330 case HCI_EV_INQUIRY_RESULT:
4331 hci_inquiry_result_evt(hdev, skb);
4332 break;
4333
a9de9248
MH		 4334 case HCI_EV_CONN_COMPLETE:
4335 hci_conn_complete_evt(hdev, skb);
21d9e30e
MH		 4336 break;
4337
1da177e4
LT		 4338 case HCI_EV_CONN_REQUEST:
4339 hci_conn_request_evt(hdev, skb);
4340 break;
4341
1da177e4
LT		 4342 case HCI_EV_DISCONN_COMPLETE:
4343 hci_disconn_complete_evt(hdev, skb);
4344 break;
4345
1da177e4
LT		 4346 case HCI_EV_AUTH_COMPLETE:
4347 hci_auth_complete_evt(hdev, skb);
4348 break;
4349
a9de9248
MH		 4350 case HCI_EV_REMOTE_NAME:
4351 hci_remote_name_evt(hdev, skb);
4352 break;
4353
1da177e4
LT		 4354 case HCI_EV_ENCRYPT_CHANGE:
4355 hci_encrypt_change_evt(hdev, skb);
4356 break;
4357
a9de9248
MH		 4358 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
4359 hci_change_link_key_complete_evt(hdev, skb);
4360 break;
4361
4362 case HCI_EV_REMOTE_FEATURES:
4363 hci_remote_features_evt(hdev, skb);
4364 break;
4365
a9de9248
MH		 4366 case HCI_EV_CMD_COMPLETE:
4367 hci_cmd_complete_evt(hdev, skb);
4368 break;
4369
4370 case HCI_EV_CMD_STATUS:
4371 hci_cmd_status_evt(hdev, skb);
4372 break;
4373
4374 case HCI_EV_ROLE_CHANGE:
4375 hci_role_change_evt(hdev, skb);
4376 break;
4377
4378 case HCI_EV_NUM_COMP_PKTS:
4379 hci_num_comp_pkts_evt(hdev, skb);
4380 break;
4381
4382 case HCI_EV_MODE_CHANGE:
4383 hci_mode_change_evt(hdev, skb);
1da177e4
LT		 4384 break;
4385
4386 case HCI_EV_PIN_CODE_REQ:
4387 hci_pin_code_request_evt(hdev, skb);
4388 break;
4389
4390 case HCI_EV_LINK_KEY_REQ:
4391 hci_link_key_request_evt(hdev, skb);
4392 break;
4393
4394 case HCI_EV_LINK_KEY_NOTIFY:
4395 hci_link_key_notify_evt(hdev, skb);
4396 break;
4397
4398 case HCI_EV_CLOCK_OFFSET:
4399 hci_clock_offset_evt(hdev, skb);
4400 break;
4401
a8746417
MH		 4402 case HCI_EV_PKT_TYPE_CHANGE:
4403 hci_pkt_type_change_evt(hdev, skb);
4404 break;
4405
85a1e930
MH		 4406 case HCI_EV_PSCAN_REP_MODE:
4407 hci_pscan_rep_mode_evt(hdev, skb);
4408 break;
4409
a9de9248
MH		 4410 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
4411 hci_inquiry_result_with_rssi_evt(hdev, skb);
04837f64
MH		 4412 break;
4413
a9de9248
MH		 4414 case HCI_EV_REMOTE_EXT_FEATURES:
4415 hci_remote_ext_features_evt(hdev, skb);
1da177e4
LT		 4416 break;
4417
a9de9248
MH		 4418 case HCI_EV_SYNC_CONN_COMPLETE:
4419 hci_sync_conn_complete_evt(hdev, skb);
4420 break;
1da177e4 4421
a9de9248
MH		 4422 case HCI_EV_EXTENDED_INQUIRY_RESULT:
4423 hci_extended_inquiry_result_evt(hdev, skb);
4424 break;
1da177e4 4425
1c2e0041
JH		 4426 case HCI_EV_KEY_REFRESH_COMPLETE:
4427 hci_key_refresh_complete_evt(hdev, skb);
4428 break;
4429
0493684e
MH		 4430 case HCI_EV_IO_CAPA_REQUEST:
4431 hci_io_capa_request_evt(hdev, skb);
4432 break;
4433
03b555e1
JH		 4434 case HCI_EV_IO_CAPA_REPLY:
4435 hci_io_capa_reply_evt(hdev, skb);
4436 break;
4437
a5c29683
JH		 4438 case HCI_EV_USER_CONFIRM_REQUEST:
4439 hci_user_confirm_request_evt(hdev, skb);
4440 break;
4441
1143d458
BG		 4442 case HCI_EV_USER_PASSKEY_REQUEST:
4443 hci_user_passkey_request_evt(hdev, skb);
4444 break;
4445
92a25256
JH		 4446 case HCI_EV_USER_PASSKEY_NOTIFY:
4447 hci_user_passkey_notify_evt(hdev, skb);
4448 break;
4449
4450 case HCI_EV_KEYPRESS_NOTIFY:
4451 hci_keypress_notify_evt(hdev, skb);
4452 break;
4453
0493684e
MH		 4454 case HCI_EV_SIMPLE_PAIR_COMPLETE:
4455 hci_simple_pair_complete_evt(hdev, skb);
4456 break;
4457
41a96212
MH		 4458 case HCI_EV_REMOTE_HOST_FEATURES:
4459 hci_remote_host_features_evt(hdev, skb);
4460 break;
4461
fcd89c09
VT		 4462 case HCI_EV_LE_META:
4463 hci_le_meta_evt(hdev, skb);
4464 break;
4465
9495b2ee
AE		 4466 case HCI_EV_CHANNEL_SELECTED:
4467 hci_chan_selected_evt(hdev, skb);
4468 break;
4469
2763eda6
SJ		 4470 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4471 hci_remote_oob_data_request_evt(hdev, skb);
4472 break;
4473
d5e91192
AE		 4474 case HCI_EV_PHY_LINK_COMPLETE:
4475 hci_phy_link_complete_evt(hdev, skb);
4476 break;
4477
27695fb4
AE		 4478 case HCI_EV_LOGICAL_LINK_COMPLETE:
4479 hci_loglink_complete_evt(hdev, skb);
4480 break;
4481
606e2a10
AE		 4482 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4483 hci_disconn_loglink_complete_evt(hdev, skb);
4484 break;
4485
9eef6b3a
AE		 4486 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4487 hci_disconn_phylink_complete_evt(hdev, skb);
4488 break;
4489
25e89e99
AE		 4490 case HCI_EV_NUM_COMP_BLOCKS:
4491 hci_num_comp_blocks_evt(hdev, skb);
4492 break;
4493
a9de9248 4494 default:
9f1db00c 4495 BT_DBG("%s event 0x%2.2x", hdev->name, event);
1da177e4
LT		 4496 break;
4497 }
4498
4499 kfree_skb(skb);
4500 hdev->stat.evt_rx++;
4501}
Linux 6.x block layer and io_uring tree(s)